Info

Disclosure

Jan 09, 2007

Discovery

Oct 03, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

A heap buffer overflow exists in Microsoft Internet Explorer. The browser's vml rendering engine fails to check the length of a unspecified buffer. With a specially crafted request that contains vml graphics, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Private, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Unregister the vgx.dll.

Products

Microsoft Corporation	Internet Explorer	5
		6
		7

References

Security Tracker: 1017489
CERT VU: 122084
CVE ID: 2007-0024 (see also: NVD)
Bugtraq ID: 21930
Secunia Advisory ID: 23677
SCIP VulDB ID: 2811
Related OSVDB ID: 31250
ISS X-Force ID: 31287
Microsoft Knowledge Base Article: 929969
VUPEN Advisory: ADV-2007-0105 ADV-2007-0129
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0254.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0386.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0416.html
http://www.securityfocus.com/archive/1/archive/1/457053/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/457164/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/ie_vml_int_overflow
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462
Generic Informational URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462
http://support.microsoft.com/?kbid=929969
http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx
http://www.us-cert.gov/cas/techalerts/TA07-009A.html
http://www.w3.org/TR/NOTE-VML
Vendor Specific News/Changelog Entry: http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm
News Article: http://www.eweek.com/article2/0,1759,2082416,00.asp
Microsoft Security Bulletin: MS07-004
US-CERT Cyber Security Alert: TA07-009A

Credit

Moti Joseph - -

Direct URL: http://osvdb.org/31250

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit