FrSIRT - Microsoft Internet Explorer Vector Markup Language Code Execution Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Microsoft Internet Explorer Vector Markup Language Code Execution Vulnerability

Title : Microsoft Internet Explorer Vector Markup Language Code Execution Vulnerability
Advisory ID : FrSIRT/ADV-2006-3679
CVE ID : CVE-2006-4868
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-09-19

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This flaw is due to a buffer overflow error in the Microsoft Vector Graphics Rendering library (Vgx.dll) when processing Vector Markup Language (VML) documents containing a "rect" shape with an overly long "fill" method, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a malicious Web page [...]

Solution

Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

Credits

Vulnerability reported by Sunbelt Software

ChangeLog

2006-09-19 : Initial release
2006-09-19 : Microsoft Security Advisory (925568)
2006-09-26 : Updated Solution (MS06-055)

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Cisco BBSM "msg" Parameter Cross Site Scripting Vulnerability
	Cisco Unified Presence Remote Denial of Service
	Cisco Unified Communications Manager Denial of Service
	Cisco Content Switching Module Remote Denial of Service Vulnerability
	Cisco Network Admission Control Shared Secret Disclosure Vulnerability
	Cisco UC Disaster Recovery Framework Command Execution Vulnerability
	Cisco IOS Denial of Service and Information Disclosure Vulnerabilities

	IBM Lotus Quickr WYSIWYG Editors Cross Site Scripting Vulnerability
	IBM Rational Build Forge Remote Denial of Service Vulnerability
	IBM WebSphere Application Server Java Plugin Vulnerability
	IBM Lotus Expeditor "cai:" URI Handler Command Injection Vulnerability
	IBM DB2 Universal Database Local Privilege Escalation Vulnerabilities
	IBM HTTP Server Multiple Cross Site Scripting Vulnerabilities
	IBM Lotus Notes Keyview Module Remote Buffer Overflow Vulnerabilities