Internet Explorer VML integer overflow

2007-02-07T00:00:00
ID SAINT:0AF929078C80108CC7DBBF7C2DC7BE26
Type saint
Reporter SAINT Corporation
Modified 2007-02-07T00:00:00

Description

Added: 02/07/2007
CVE: CVE-2007-0024
BID: 21930
OSVDB: 31250

Background

Vector Markup Language (VML) is an XML-based format for vector graphics.

Problem

An integer overflow vulnerability in **vgx.dll** when processing VML elements in a web page allows arbitrary command execution.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-004.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462>
<http://www.microsoft.com/technet/security/bulletin/ms07-004.mspx>

Limitations

Exploit works on Internet Explorer 6.0 and requires a user to load the exploit page.

On Windows 2000 systems there may be a long delay before the exploit succeeds due to the amount of memory required.

Platforms

Windows 2000
Windows XP