[Shirkdog Security Advisory SHK-002]
Title:
------
VML fill method stack overflow in Internet Explorer
Description of Application:
---------------------------
http://www.microsoft.com/mind/0100/VML/VML.asp
VML (Vector Markup Language) allows vector-based images to be drawn on the fly.
Vulnerability(PoC):
-------------------
Microsoft Internet Explorer suffers from an overflow in the processing of the "fill" function used in VML. When the method argument
is passed a large value, IE will crash. Remote code execution is possible and has already been documented elsewhere.
The following is the DoS PoC:
http://www.shirkdog.us/vmlDoS.html
Impact:
----------
This PoC demonstrates the crashing of the browser. Other exploits allow for remote code execution with the rights of the current user.
Risk Level:
--------------
Critical
This vulnerability was exploited for some time before becoming public knowledge. Malware is currently being
spread with this vulnerability.
Solution:
------------
Microsoft has released a patch (MS06-055) for this vulnerability.
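
Added example, not part of the original advisory: a Python scanner that flags VML fill elements whose method attribute is unusually long, for use in mail or proxy content inspection on systems that cannot yet be patched. The 32-character threshold, the class and function names, and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: legitimate fill method values are short keywords, so a value
# longer than this is treated as suspicious. Tune for your environment.
MAX_METHOD_LEN = 32


class VmlFillScanner(HTMLParser):
    """Collects fill elements whose method attribute exceeds max_len."""

    def __init__(self, max_len=MAX_METHOD_LEN):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # The VML namespace prefix is chosen by the page author (v: is only
        # a convention), so match on the local name after any prefix.
        # HTMLParser has already lowercased tag and attribute names.
        if tag.rsplit(":", 1)[-1] != "fill":
            return
        for name, value in attrs:
            if name == "method" and value is not None and len(value) > self.max_len:
                line, _col = self.getpos()
                self.findings.append(
                    {"line": line, "tag": tag, "method_len": len(value)}
                )


def scan_html(html, max_len=MAX_METHOD_LEN):
    """Return a list of findings for one HTML document."""
    scanner = VmlFillScanner(max_len)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample input: one ordinary VML page and one with an
# oversized method value (filler characters only).
BENIGN = ('<html xmlns:v="urn:schemas-microsoft-com:vml"><body>\n'
          '<v:rect><v:fill method="linear sigma" /></v:rect>\n</body></html>')
SUSPICIOUS = ('<html><body>\n<v:rect>\n<V:FILL METHOD="' + "X" * 500 +
              '"></V:FILL></v:rect></body></html>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_html(doc))
```
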
[Shirkdog Security]
http://www.shirkdog.us/shk-002.html
