Attackers cannot directly exploit this vulnerability and instead must rely on user interaction to accomplish an exploit. An attacker may attempt to convince a user to visit a malicious website by sending links to the user in targeted e-mail messages. Attackers may also embed exploits in public sites as the result of site server compromises or functionality that allows the upload of untrusted third-party content. In this case, the attacker would rely on users to visit those sites on their own.
If an exploit is successful, the attacker could execute arbitrary code with the privileges of the user, which may allow the attacker to completely compromise the system.
Ongoing attacks have been detected. Attackers have used exploits to install malicious software on vulnerable systems.
The update available from Microsoft corrects this vulnerability by preventing the vulnerable control from being instantiated within browser applications.
Event data from Cisco Remote Management Services shows intrusion prevention system signature activity related to this vulnerability. The data, which was captured on July 21, 2009, could indicate that exploitation of this vulnerability is taking place in the wild.
The Cisco Applied Intelligence team has re-released the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software: Cisco Applied Mitigation Bulletin: Identifying and Mitigating the Microsoft Windows Video msvidctl ActiveX Control Code Execution Vulnerability.