Public exploits available
On this page
A remote code execution vulnerability exists in Internet Explorer because of the way that it handles Windows Metafile (WMF) images.
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Technical details (analysis)
Vector Markup Language (VML) is an XML-based exchange, editing, and delivery format for high-quality vector graphics on the Web that meets the needs of both productivity users and graphic design professionals. A heap overrun in VML content parsing implemented by VGX.DLL could lead to remote code execution in the context of the logged-in user.
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Windows Internet Explorer 7 on Microsoft Windows XP Service Pack 2
Windows Internet Explorer 7 on Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
Windows Internet Explorer 7 on Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
Windows Internet Explorer 7 on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Windows Internet Explorer 7 on Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
Release Date: 2006-12-12T00:00:00
Known false positives
No known false positives at this time.
Modify the Access Control List on VGX.DLL to be more restrictive.
Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone.
Read e-mail messages in plain text format if you are using Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version, to help protect yourself from the HTML e-mail attack vector.
Block VML Vulnerability Traffic with ISA Server.