Internet Explorer VML integer overflow

Added: 02/07/2007
CVE: CVE-2007-0024
BID: 21930
OSVDB: 31250

Background

Vector Markup Language (VML) is an XML-based format for vector graphics.

Problem

An integer overflow vulnerability in vgx.dll when processing VML elements in a web page allows arbitrary command execution.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-004.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462
http://www.microsoft.com/technet/security/bulletin/ms07-004.mspx

Limitations

Exploit works on Internet Explorer 6.0 and requires a user to load the exploit page.

On Windows 2000 systems there may be a long delay before the exploit succeeds due to the amount of memory required.

Platforms

Windows 2000
Windows XP

Back to exploit index