Follow:

Exploit:Win/VML.Fill.RCE!CVE-2006-4868

Severity rating
Critical

Class/Type
Exploit

Discovered date
2006-10-05T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows.



Impact

An attacker who successfully exploited this vulnerability could take complete control of an affected system.



Technical details (analysis)

An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message. A VML tag with a particular attribute has a fixed buffer that can be overflowed.



Affected software

Microsoft Internet Explorer 5.x
Microsoft Internet Explorer 6
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Outlook 2003
Microsoft Outlook Express 5.5
Microsoft Outlook Express 6



Non-affected software

All those not on affected applications list.



References




Solutions




NIS signature

Name: Exploit:Win/VML.Fill.RCE!CVE-2006-4868
Release Date: 2006-10-05T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Unregister VGX.DLL.
Modify the Access Control List on VGX.DLL to be more restrictive.
Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone.
Read e-mail messages in plain text format if you are using Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version, to help protect yourself from the HTML e-mail attack vector.
Block VML Vulnerability Traffic with ISA Server.