Secunia Advisory : Microsoft Windows Vector Markup Language Buffer Overflow
Tuesday, January 9, 2007 9:00:27 PM
Secunia Advisory: SA23677
Release Date: 2007-01-09
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by an integer overflow error in the Vector Markup Language (VML) implementation and can be exploited to cause a heap-based buffer overflow via, for example, a specially crafted web page or HTML e-mail.
Successful exploitation allows execution of arbitrary code.
NOTE: According to Microsoft, the vulnerability is being actively exploited.
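Added example (not code from the advisory or from Microsoft's VML implementation): the bug class described above, where a 32-bit size calculation wraps and the resulting allocation is smaller than the data later written to it, shown next to a checked form. The record layout, function names and sample values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 8-byte record; not a real VML structure. */
typedef struct { uint32_t a, b; } record_t;

/* Constructed sample input: room for exactly four records. */
static const uint8_t SAMPLE[4 * sizeof(record_t)] = {0};

/* Weak pattern: the 32-bit product wraps silently, so a huge count
 * can yield a tiny allocation size. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Hardened: refuse any count whose product does not fit in 32 bits. */
int checked_alloc_size(uint32_t count, uint32_t elem_size, uint32_t *out) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hardened copy: size check first, then confirm the input really holds
 * `count` records. Returns NULL when the request is rejected. */
record_t *copy_records(const uint8_t *src, size_t src_len, uint32_t count) {
    uint32_t bytes;
    if (checked_alloc_size(count, (uint32_t)sizeof(record_t), &bytes) != 0)
        return NULL;
    if (bytes == 0 || bytes > src_len)
        return NULL;
    record_t *dst = malloc(bytes);
    if (dst != NULL)
        memcpy(dst, src, bytes);
    return dst;
}

int main(void) {
    uint32_t count = 0x20000001u; /* constructed: count * 8 wraps to 8 */
    printf("unchecked size for %u records: %u bytes\n",
           (unsigned)count, (unsigned)unchecked_alloc_size(count, 8));
    record_t *r = copy_records(SAMPLE, sizeof SAMPLE, count);
    printf("hardened copy: %s\n", r ? "accepted" : "rejected");
    free(r);
    return 0;
}
```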
Solution:
Apply patches.
Windows XP SP2:
http://www.microsoft.com/downloads/de...=81FB6A72-AC8A-4B28-905F-A44691D69432
Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/de...=D06FD167-4F3E-4A2C-B52C-7426DDAD6828
Windows Server 2003 (optionally with SP1):
http://www.microsoft.com/downloads/de...=4FEE481F-DACE-4EAC-9AFE-BC28ADD70CC5
Windows Server 2003 for Itanium-based systems (optionally with SP1):
http://www.microsoft.com/downloads/de...=C517FB85-128E-43DB-A659-38AF32283716
Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=FF4A1F24-C1E9-4223-965B-14C4793AAF96
Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=B1C7F765-772C-4EEB-9438-BC820CB929E1
Internet Explorer 6 SP1 on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=922A3569-85D1-4584-9B84-4AA7304C69BB
Internet Explorer 7 on Windows XP SP2:
http://www.microsoft.com/downloads/de...=55A0A6EC-FEFA-40BB-BB6B-3AAB50275A73
Internet Explorer 7 on Windows XP Pro x64 Edition:
http://www.microsoft.com/downloads/de...=B5A8B1F2-6AF0-4F03-989C-C8DE2EACE71D
Internet Explorer 7 on Windows Server 2003 (optionally with SP1):
http://www.microsoft.com/downloads/de...=08E5CD2E-55C0-4AC9-859F-1B24497B31CE
Internet Explorer 7 on Windows Server 2003 for Itanium-based systems (optionally with SP1):
http://www.microsoft.com/downloads/de...=48B4D271-D494-4A5C-ABA8-11B3B4584902
Internet Explorer 7 on Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=F9C3E0DE-DB66-4D83-829F-C93052BDB1FA
Original Advisory:
MS07-004 (KB929969):
http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462