Attackers hit new IE vulnerability

Posted on Monday, September 25, 2006 @ 17:40:59 CDT in Security
by Raven

Secunia Advisory: SA21989
Release Date: 2006-09-19
Last Update: 2006-09-25

Critical: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched

OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

CVE reference: CVE-2006-4868 (Secunia mirror)

Description: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the Microsoft Vector Graphics Rendering(VML) library (vgx.dll) when processing certain content in Vector Markup Language (VML) documents. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a malicious VML document containing an overly long "fill" method inside a "rect" tag with the Internet Explorer browser. Successful exploitation allows execution of arbitrary code with the privileges of the application using the vulnerable functionality in the library. The vulnerability is confirmed on a fully patched Microsoft Windows XP SP2 system. Other versions may also be affected.

NOTE: The vulnerability is currently being actively exploited.

Solution: Un-register Vgx.dll (see the vendor's security advisory for details). Sunbelt recommended that disabling JavaScript may also help to mitigate the attacks.

NOTE: This affects the functionality of applications rendering VML.

Provided and/or discovered by: Discovered as a 0-day.

Sample exploit provided by Sunbelt Software.

Changelog:
2006-09-19: Updated advisory with additional information.
2006-09-20: Added CVE reference.
2006-09-25: Updated "Solution" section.

Original Advisory: Microsoft: http://www.microsoft.com/technet/security/advisory/925568.mspx

Other References: US-CERT VU#416092: http://www.kb.cert.org/vuls/id/416092
 
 
click Related        click Share
 
 
Associated Topics

Bugs


Bugs and Alerts


Microsoft
 
News ©

Site Info

Last SeenLast Seen
  • vashd1
  • neralex
Server TrafficServer Traffic
  • Total: 514,151,051
  • Today: 20,278
Server InfoServer Info
  • May 01, 2025
  • 06:14 am CDT