Lucene search

K
saintSAINT CorporationSAINT:6A37B01591A310C332C01DD4BCA3324B
HistorySep 20, 2006 - 12:00 a.m.

Internet Explorer VML rect fill buffer overflow

2006-09-2000:00:00
SAINT Corporation
www.saintcorporation.com
560

EPSS

0.234

Percentile

96.6%

Added: 09/20/2006
CVE: CVE-2006-4868
BID: 20096
OSVDB: 28946

Background

Vector Markup Language (VML) is an XML-based format for vector graphics.

Problem

A buffer overflow in Internet Explorer when processing VML code allows remote command execution using a long **fill** parameter within a **rect** tag.

Resolution

http://www.microsoft.com/technet/security/advisory/925568.mspx

References

<http://www.us-cert.gov/cas/techalerts/TA06-262A.html&gt;

Limitations

Exploit works on Internet Explorer 6.0 and requires a user to load the exploit page in a vulnerable browser.

There may be a delay before the exploit succeeds due to the large amount of memory required on the target.

Platforms

Windows