Public exploits available
A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows.
An attacker who successfully exploited this vulnerability could take complete control of an affected system.
An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could allow remote code execution if a user visited the Web page or viewed the message. The value of a particular attribute on a VML tag is handled in a fixed-size buffer that can be overflowed.
All applications not on the affected applications list.
No known false positives at this time.
Modify the Access Control List on VGX.DLL to be more restrictive.
Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone.
Read e-mail messages in plain text format if you are using Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version, to help protect yourself from the HTML e-mail attack vector.
Block VML Vulnerability Traffic with ISA Server.
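The following is an added example, not part of the original advisory: a content check of the kind a mail or web gateway could apply to HTML bodies, flagging VML elements and over-long attribute values on them. The 256-character threshold, the function and class names, and the sample documents are assumptions made for illustration; the advisory does not name the affected attribute, so every attribute on a VML element is checked.

```python
from html.parser import HTMLParser

VML_NS = "urn:schemas-microsoft-com:vml"
MAX_ATTR_LEN = 256  # assumed policy threshold, not a value from the advisory


class VMLScanner(HTMLParser):
    """Collects VML elements and oversized attribute values in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.prefixes = set()   # namespace prefixes bound to the VML URN
        self.vml_tags = []      # VML element names seen
        self.oversized = []     # (tag, attribute, length) over the threshold

    def handle_starttag(self, tag, attrs):
        # Record prefix bindings first so a declaration on the element itself counts.
        for name, value in attrs:
            if name.startswith("xmlns:") and (value or "").strip().lower() == VML_NS:
                self.prefixes.add(name.split(":", 1)[1])
        prefix, sep, _ = tag.partition(":")
        if not sep or prefix not in self.prefixes:
            return  # not a VML element, nothing to record
        self.vml_tags.append(tag)
        for name, value in attrs:
            if value is not None and len(value) > MAX_ATTR_LEN:
                self.oversized.append((tag, name, len(value)))


def scan_html(body):
    """Return a verdict for one HTML page or HTML e-mail body."""
    scanner = VMLScanner()
    scanner.feed(body)
    scanner.close()
    verdict = "block" if scanner.oversized else "review" if scanner.vml_tags else "allow"
    return {"verdict": verdict, "vml_tags": scanner.vml_tags,
            "oversized": scanner.oversized}


# Constructed samples: ordinary HTML, ordinary VML, VML with an over-long value.
PLAIN = "<html><body><p title='" + "x" * 1000 + "'>hello</p></body></html>"
BENIGN = ('<html xmlns:v="urn:schemas-microsoft-com:vml"><body>'
          '<v:rect style="width:100px;height:50px" title="box"></v:rect></body></html>')
LONG = BENIGN.replace('title="box"', 'title="' + "A" * 1000 + '"')

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("benign", BENIGN), ("long", LONG)):
        print(label, scan_html(sample)["verdict"])
```

A "review" verdict only records that VML is present; whether to strip it, quarantine the message or render it as plain text is a local policy decision.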