Lucene search
SAINT CorporationSAINT:78333D76396B15F814E3097A42677226HistoryFeb 07, 2007 - 12:00 a.m.
Internet Explorer VML integer overflow
2007-02-0700:00:00
SAINT Corporation
www.saintcorporation.com
11
0.966 High
EPSS
Percentile
99.5%
Added: 02/07/2007
CVE: CVE-2007-0024
BID: 21930
OSVDB: 31250
Background
Vector Markup Language (VML) is an XML-based format for vector graphics.
Problem
An integer overflow vulnerability in **vgx.dll** when processing VML elements in a web page allows arbitrary command execution.
Resolution
Apply the update referenced in Microsoft Security Bulletin 07-004.
References
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462>
<http://www.microsoft.com/technet/security/bulletin/ms07-004.mspx>
Limitations
Exploit works on Internet Explorer 6.0 and requires a user to load the exploit page.
On Windows 2000 systems there may be a long delay before the exploit succeeds due to the amount of memory required.
Platforms
Windows 2000
Windows XP
Related
saint
saint
Internet Explorer VML integer overflow
2007-02-07 00:00:00
Internet Explorer VML integer overflow
2007-02-07 00:00:00
Internet Explorer VML integer overflow
2007-02-07 00:00:00
prion
prion
Integer overflow
2007-01-09 23:28:00
Design/Logic Flaw
2010-03-29 19:30:00
openvas
openvas
Microsoft Windows Vector Markup Language Vulnerabilities (929969)
2010-07-08 00:00:00
Microsoft Windows Vector Markup Language Vulnerabilities (929969)
2010-07-08 00:00:00
canvas
canvas
Immunity Canvas: MS07_004
2007-01-09 23:28:00
securityvulns
securityvulns
cert
cert
Microsoft Internet Explorer VML buffer overflow
2007-01-09 00:00:00
cvelist
cvelist
CVE-2007-0024
2007-01-09 23:00:00
CVE-2010-1179
2010-03-29 19:00:00
cve
cve
CVE-2007-0024
2007-01-09 23:28:00
CVE-2010-1179
2010-03-29 19:30:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer VML Buffer Overrun (MS07-004; CVE-2007-0024)
2007-01-09 00:00:00
Internet Explorer VML Buffer Overrun (MS07-004) - Ver2 (CVE-2007-0024)
2014-04-16 00:00:00
nessus
nessus