Lucene search
+L

148 matches found

exploitdb
exploitdb
added 2007/01/16 12:0 a.m.34 views

Microsoft Internet Explorer - VML Remote Buffer Overflow (MS07-004)

and slightly modified - 2007.1.15 -- v: behavior: urlVMLRender; shellcode =...

7AI score
Exploits0
seebug
seebug
added 2007/01/13 12:0 a.m.20 views

Microsoft Windows矢量标记语言缓冲区溢出漏洞(MS07-004)

Microsoft Windows是微软发布的非常流行的操作系统。 多个Microsoft产品的矢量标记语言(VML)支持中存在整数溢出,远程攻击者可能利用此漏洞控制用户机器。 在vgx.dll中缺少充分的输入验证,两个整数数据做了乘法运算但没有执行整数溢出检查,这可能允许攻击者强制分配比实际需要少的内存。在将用户提供的数据拷贝到新分配的缓冲区时,就会覆盖堆上所储存的函数指针,导致执行任意指令。远程攻击者可能通过诱骗用户访问恶意网页或点击包含恶意内容的邮件来利用此漏洞。 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer...

7.5AI score
Exploits0
prion
prion
added 2007/01/09 11:28 p.m.26 views

Integer overflow

Integer overflow in the Vector Markup Language VML implementation vgx.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properti...

9.3CVSS8.1AI score0.46488EPSS
Exploits5References17Affected Software2
canvas
canvas
added 2007/01/09 11:28 p.m.53 views

Immunity Canvas: MS07_004

Name| ms07004 ---|--- CVE| CVE-2007-0024 Exploit Pack| CANVAS Description| Microsoft Windows VML recolorinfo Bug Notes| CVE Name: CVE-2007-0024 VENDOR: Microsoft MSADV: MS07-004 VersionsAffected: Repeatability: References: http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx CVE Url:...

9.3CVSS6.3AI score0.46488EPSS
Exploits5
nvd
nvd
added 2007/01/09 11:28 p.m.27 views

CVE-2007-0024

Integer overflow in the Vector Markup Language VML implementation vgx.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properti...

9.3CVSS7.7AI score0.46488EPSS
Exploits5References17
cvelist
cvelist
added 2007/01/09 11:0 p.m.36 views

CVE-2007-0024

Integer overflow in the Vector Markup Language VML implementation vgx.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properti...

7.7AI score0.46488EPSS
Exploits5References17
cve
cve
added 2007/01/09 11:0 p.m.98 views

CVE-2007-0024

CVE-2007-0024 is the Internet Explorer VML buffer overrun in vgx.dll. The vulnerability affects IE 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1, where crafted VML in a web page can trigger an integer/memory handling flaw that enables remote code execution. Public w...

9.3CVSS7.6AI score0.46488EPSS
Exploits5References17Affected Software1
checkpoint_advisories
checkpoint_advisories
added 2007/01/09 12:0 a.m.23 views

Internet Explorer VML Buffer Overrun (MS07-004; CVE-2007-0024)

Microsoft Internet Explorer IE contains a remote code execution vulnerability. The vulnerability exists in Microsoft Vector Markup Language VML. VML is a set of XML tags used for exchange, editing, and delivery of vector graphics on the web. By convincing a user to visit a specially crafted Web...

9.3CVSS7.6AI score0.46488EPSS
Exploits5
symantec
symantec
added 2007/01/09 12:0 a.m.40 views

Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability

Description Microsoft Windows is prone to a buffer-overrun vulnerability that arises because of an error in the processing of Vector Markup Language documents. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Technologies Affected Avaya...

7.6AI score
Exploits0References5Affected Software6
securityvulns
securityvulns
added 2007/01/09 12:0 a.m.65 views

Microsoft Security Bulletin MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)

Microsoft Security Bulletin MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution 929969 Published: January 9, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity...

9.3CVSS0.1AI score0.46488EPSS
Exploits5
cert
cert
added 2007/01/09 12:0 a.m.28 views

Microsoft Internet Explorer VML buffer overflow

Overview Microsoft Internet Explorer IE fails to properly handle Vector Markup Language tags. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language VML,...

9.3CVSS6.7AI score0.46488EPSS
Exploits5References7
securityvulns
securityvulns
added 2007/01/09 12:0 a.m.62 views

Microsoft VML buffer overflow

Buffer overflow and integer overflows on Vector Markup Language parsing. May be used for hidden malware installation...

4AI score0.46488EPSS
Exploits5References2
securityvulns
securityvulns
added 2007/01/09 12:0 a.m.73 views

[Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Microsoft Products VML 'recolorinfo' Element Integer Overflow Vulnerability

Microsoft Windows VML Element Integer Overflow Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND VML is a component of the Extensible Markup Language XML that specifies vector images e.g., rectangles and ovals. This...

9.3CVSS0.46488EPSS
Exploits5
seebug
seebug
added 2006/10/25 12:0 a.m.33 views

Microsoft IE畸形VML文档处理缓冲区溢出漏洞(MS06-055)

Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer的VML组件存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。 VMLVector Markup Language是一种基于XML的矢量图形绘制语言。IE通过vgx.dll提供了对VML语言的支持,可以在解析页面中嵌入的VML,显示矢量图。 vgx.dll的IE5SHADETYPETEXT::Text过程在解析VML的时候存在缓冲区溢出漏洞,利用这个漏洞可以完全控制用户的系统。目前这个漏洞正在被积极的利用。 Microsoft Internet Explorer...

7.6AI score
Exploits0
seebug
seebug
added 2006/10/24 12:0 a.m.17 views

Internet Explorer VML Remote Buffer Overflow (XP SP2, Exploit)

No description provided by source. This exploit invokes calc.exe if successful. -- html xmlns:v="urn:schemas-microsoft-com:vml" head object id="VMLRender" classid="CLSID:10072CEC-8CC1-11D1-986E-00A0C955B42E" /object style v: behavior: urlVMLRender; /style /head body SCRIPT language="javascript"...

7.1AI score
Exploits0
seebug
seebug
added 2006/10/24 12:0 a.m.53 views

MS Internet Explorer (VML) Remote Buffer Overflow Exploit

No description provided by source. / ----------------------------------------------------------------------- vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit !!! 0day !!! Public Version !!! Copyright C 2006 XSec All Rights Reserved. Author : nop : nopxsec.org :...

7.1AI score
Exploits0
seebug
seebug
added 2006/10/24 12:0 a.m.28 views

MS Internet Explorer (VML) Remote Buffer Overflow Exploit (XP SP1)

No description provided by source. !/usr/bin/perl Microsoft Internet Explorer VML Remote Buffer Overflow Windows XP SP0-SP1 + Windows 2000 SP4 Author: Trirat Puttaraksa Kira trir00t at gmail.com http://sf-freedom.blogspot.com For educational purpose only Note: This exploit is modified from...

7.1AI score
Exploits0
checkpoint_advisories
checkpoint_advisories
added 2006/10/18 12:0 a.m.43 views

Internet Explorer VML Rect Fill Method Buffer Overflow (MS06-055; CVE-2006-4868)

Microsoft Internet Explorer is the most widely used Internet browser. Microsoft Internet Explorer fails to handle Vector Markup Language VML tags. VML is a set of XML tags for drawing vector graphics. A remote attacker may trigger this vulnerability to execute arbitrary code on the target system...

9.3CVSS7.2AI score0.62149EPSS
Exploits7
metasploit
metasploit
added 2006/09/27 3:52 a.m.13 views

MS06-055 Microsoft Internet Explorer VML Fill Method Code Execution

This module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code VGX.dll. This module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2. This module requires Metasploit: https://metasploit.com/download...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/09/27 12:0 a.m.61 views

Microsoft Security Bulletin MS06-055 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

Microsoft Security Bulletin MS06-055 Vulnerability in Vector Markup Language Could Allow Remote Code Execution 925486 Published: September 26, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severi...

9.3CVSS0.3AI score0.62149EPSS
Exploits7
Rows per page
Query Builder