Follow:

Exploit:Win/MSIE.VML.RCE!CVE-2007-0024

Severity rating
Critical

Class/Type
Exploit

Discovered date
2006-12-12T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A remote code execution vulnerability exists in Internet Explorer because of the way that it handles Windows Metafile (WMF) images.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system.



Technical details (analysis)

Vector Markup Language (VML) is an XML-based exchange, editing, and delivery format for high-quality vector graphics on the Web that meets the needs of both productivity users and graphic design professionals. A heap overrun in VML content parsing implemented by VGX.DLL could lead to remote code execution in the context of the logged-in user.



Affected software

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Windows Internet Explorer 7 on Microsoft Windows XP Service Pack 2
Windows Internet Explorer 7 on Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
Windows Internet Explorer 7 on Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
Windows Internet Explorer 7 on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Windows Internet Explorer 7 on Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2



Non-affected software

Windows Vista



References




Solutions




NIS signature

Name: Exploit:Win/MSIE.VML.RCE!CVE-2007-0024
Release Date: 2006-12-12T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Unregister VGX.DLL.
Modify the Access Control List on VGX.DLL to be more restrictive.
Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone.
Read e-mail messages in plain text format if you are using Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version, to help protect yourself from the HTML e-mail attack vector.
Block VML Vulnerability Traffic with ISA Server.