Added: 02/07/2007
CVE: CVE-2007-0024
BID: 21930
OSVDB: 31250
Vector Markup Language (VML) is an XML-based format for vector graphics.
An integer overflow vulnerability in **vgx.dll**
when processing VML elements in a web page allows arbitrary command execution.
Apply the update referenced in Microsoft Security Bulletin 07-004.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462>
<http://www.microsoft.com/technet/security/bulletin/ms07-004.mspx>
Exploit works on Internet Explorer 6.0 and requires a user to load the exploit page.
On Windows 2000 systems there may be a long delay before the exploit succeeds due to the amount of memory required.
Windows 2000
Windows XP