Article ID: 972890 - Last Review: July 14, 2009 - Revision: 2.1

Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
Expand all | Collapse all

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/advisory/972890.mspx (http://www.microsoft.com/technet/security/advisory/972890.mspx)

RESOLUTION

Microsoft has completed the investigation into a public report of this vulnerability. We have issued security bulletin MS09-032 (http://go.microsoft.com/fwlink/?LinkId=157386) to address this issue. For more information about this issue, including download links for an available security update, please review security bulletin MS09-032. The vulnerability that is addressed is the Microsoft Video ActiveX Control Vulnerability - CVE-2008-0015.

For more information about how to obtain the security update release that resolves this issue, click the following article number to view the article in the Microsoft Knowledge Base:
973346  (http://support.microsoft.com/kb/973346/ ) MS09-032: Cumulative Security Update of ActiveX Kill Bits
For more information about security bulletin MS09-032, visit the following Microsoft Web page:
http://go.microsoft.com/fwlink/?LinkId=157386 (http://go.microsoft.com/fwlink/?LinkId=157386)
For more information about the Video ActiveX Control Vulnerability, visit the following Microsoft Web page:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0015)
APPLIES TO
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Back to the top
Keywords: 
kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability kbsurveynew KB972890