Status Tracking Note TRTA06-262A

Microsoft Internet Explorer VML Buffer Overflow

Overview

Microsoft Internet Explorer (IE) fails to properly handle Vector Markup Language (VML) tags. This creates a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code.
Event Information


Date (UTC)Description
2006-09-28 15:15 Internet Security Systems
AlertCon (2) => (1)
2006-09-27 02:41 JPCERT/CC
JPCERT-AT-2006-0015: Microsoft Windows VML could allow remote code execution
2006-09-26 23:04 US-CERT
TA06-262A: Microsoft Internet Explorer VML Buffer Overflow (Update)
Update Alert via US-CERT Mailing List
2006-09-26 Microsoft
Microsoft Security Advisory (922437): Vulnerability in Word Could Allow Remote Code Execution
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-055 to address this issue.
2006-09-26 Microsoft
MS06-055: Vulnerability in Word Could Allow Remote Code Execution
This update resolves a public vulnerability as well as additional issues discovered through internal investigations.
2006-09-25 23:41 SANS Internet Storm Center
VML vuln being actively exploited
Messagelabs has reported that E-cards are being used as an attack vector, exploiting the VML vulnerability in MS Internet Explorer to download malware.
2006-09-25 SANS Internet Storm Center
Yellow: MSIE VML exploit spreading
The VML exploit is now becoming more widespread, so we changed the InfoCon level to yellow to emphasize the need to consider fixes.
2006-09-25
MS Internet Explorer (VML) Remote Buffer Overflow Exploit (SP2) (pl)
a proof-of-concept code for this vulnerability (CVE-2006-4868,VU#416092)
#Cid: 20096_XP_SP0_SP1_2K.pl
#Tested: Windows XP SP2 + IE6 SP1
#Tested: Windows XP SP1 + IE6 SP1
#Tested: Windows XP SP0 + IE6
#Tested: Windows 2000 SP4 + IE6 SP1
#Tested: Windows 2000 SP4 + IE6
2006-09-22 16:00 Internet Security Systems
AlertCon (1) => (2)
2006-09-21
MS Internet Explorer (VML) Remote Buffer Overflow Exploit (XP SP1)
a proof-of-concept code for this vulnerability (CVE-2006-4868,VU#416092)
#Cid: 20096.pl
#Tested: Windows XP SP1 + IE6 SP1
#Tested: Windows XP SP0 + IE6
#Tested: Windows 2000 SP4 + IE6 SP1
#Tested: Windows 2000 SP4 + IE6
2006-09-20 18:03 Bugtraq
vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit
a proof-of-concept code for this vulnerability (CVE-2006-4868,VU#416092)
#Cid: vml.c
#Tested: Windows 2000 Server [CN] + Internet Explorer 6.0 SP1
2006-09-20 08:41 Symantec
Trojan.Vimalov: A zero-day exploit in VML, in Internet Explorer
2006-09-20 07:34 JPCERT/CC
JPCERT-AT-2006-0015: Microsoft Windows VML could allow remote code execution
2006-09-20 Trend Micro
IE Zero Day + Web Attacker Kit
We've just received reports of several sites using the new IE zero-day exploit in conjunction with a Web Attacker kit.
2006-09-19 22:30 US-CERT
TA06-262A: Microsoft Internet Explorer VML Buffer Overflow
Via US-CERT Mailing List
2006-09-19 Internet Security Systems
Microsoft Internet Explorer Vector Markup Language Exploit Alert
2006-09-19 Microsoft
Microsoft Security Advisory (922437): Vulnerability in Word Could Allow Remote Code Execution
Microsoft has confirmed new public reports of a vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML) Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability.
2006-09-19 SANS Internet Storm Center
Yet another MSIE 0-day: VML
2006-09-19
MS Internet Explorer (VML) Remote Denial of Service Exploit PoC
a proof-of-concept code for this vulnerability (CVE-2006-4868,VU#416092)
#Cid: 20096.html
2006-09-18 10:18 Sunbelt Software.
Seen in the wild: Zero Day exploit being used to infect PCs
2006-09-18 Symantec
Trojan.Vimalov
Exploit for VML Buffer Overrun Vulnerability(bid20096)


Date first published (UTC): 2006-09-22T05:30+00:00
Date last updated (UTC): 2006-09-28T15:40+00:00