Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013
CVE: CVE-2013-2551
BID: 58570
OSVDB: 91197

Background

Vector Markup Language (VML) is an XML-based format for vector graphics.

Problem

An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command execution.

Resolution

Apply the update referenced in Microsoft Security Bulletin 13-037.

References

http://secunia.com/advisories/53327/

Limitations

This exploit has been tested against Microsoft Internet Explorer 8, 9, and 10 with KB2817183 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit in Internet Explorer 8, 9 or 10 on the target.

Platforms

Windows

Back to exploit index