3 matches found
Microsoft Windows Vector Markup Language Buffer Overflow (938127)
This security update resolves a privately reported vulnerability in the Vector Markup Language VML implementation in Windows. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewe...
Microsoft IE向量标记语言VGX.DLL远程堆溢出漏洞(MS07-050)
BUGTRAQ ID: 25310 CVECAN ID: CVE-2007-1749 Internet Explorer是微软发布的非常流行的WEB浏览器。 IE的VML在处理压缩的数据时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户系统。 VGX.DLL是IE中负责渲染VML的组件,该组件中的CDownloadSink类实现处理从VML中内嵌URL所下载的数据。例如,以下VML会下载由VGX.DLL!CDownloadSink::OnDataAvailable处理的额外内容: v:rect v:imagedata src="http://malice/compressed.emz...
CVE-2007-1749
CVE-2007-1749 is a VML/VGX.DLL heap-buffer-overflow remote-code-execution vulnerability in Internet Explorer versions 5.01, 6 and 7 caused by an integer underflow in CDownloadSink::OnDataAvailable when processing compressed VML content. The vulnerability can be triggered by a specially crafted we...