Internet Explorer VML rect fill buffer overflow

Added: 09/20/2006
CVE: CVE-2006-4868
BID: 20096
OSVDB: 28946

Background

Vector Markup Language (VML) is an XML-based format for vector graphics.

Problem

A buffer overflow in Internet Explorer when processing VML code allows remote command execution using a long fill parameter within a rect tag.

Resolution

http://www.microsoft.com/technet/security/advisory/925568.mspx

References

http://www.us-cert.gov/cas/techalerts/TA06-262A.html

Limitations

Exploit works on Internet Explorer 6.0 and requires a user to load the exploit page in a vulnerable browser.

There may be a delay before the exploit succeeds due to the large amount of memory required on the target.

Platforms

Windows

Back to exploit index