A vulnerability has been attacked by cybercriminals on the Microsoft Video ActiveX Control.

Finjan claimed that a zero-day vulnerability has been found that can be exploited via a malformed web page and enables remote code execution on the targeted machine. By exploiting this vulnerability, cybercriminals are inserting a data-stealing Trojan to the victim's machine.

Yuval Ben-Itzhak, CTO at Finjan, said: “Web security products utilising real-time code analysis technologies are the preferred solution to block such zero-day attacks. Finjan customers are protected from this zero-day attack as Finjan's Vital Security Web Gateway is able to detect the exploit and block the attack without prior knowledge of the specific technique.”

Microsoft claimed that it is currently working to develop a security update for Windows to address this vulnerability.