The vulnerability has been exploited in the wild since June 11, 2009 (as discovered by X-Force) and was touted by the media and by SANS as being exploited in the wild on July 6, 2009.
According to Symantec research first exploitation of the vulnerability was detected on 2008-12-28.
Advisory: SB2009070601 - Remote code execution in Microsoft Video ActiveX Control
Vulnerable component: Microsoft Video ActiveX Control
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-121 - Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow in the Microsoft Video ActiveX Control, msvidctl.dll. By persuading a victim to visit a specially crafted Web page, a remote attacker can trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
- Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (MS09-032/MS09-037) (Metasploit) [Exploit-DB]
- Microsoft Internet Explorer 7 Video - ActiveX Remote Buffer Overflow [Exploit-DB]