Microsoft exploits a video recording application vulnerability in Microsoft Internet Explorer 8, researchers say.
The vulnerabilities are in a video capture application called VideoCapture in Internet Explorer 7.
The researchers said they identified the exploit in a Microsoft vulnerability bulletin.
They published their exploit code, which can be downloaded here.
“We have discovered a vulnerability in the VideoCapture implementation that allows remote code execution via the Web page.
The exploit code is written to be executed by the video capturing application, and it was executed by exploiting the vulnerability,” the researchers wrote.
“This allows the remote attacker to obtain data from the target device.
In addition, the exploit code executes arbitrary code in the Web application.”
Microsoft said in a blog post that it was working with security researchers to make improvements to the implementation of the video capture code.