Status Tracking Note TRTA06-262A

Microsoft Internet Explorer VML Buffer Overflow

Microsoft Internet Explorer (IE) fails to properly handle Vector Markup Language (VML) tags. This creates a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code.

Event Information

Date (UTC)	Description
2006-09-28 15:15	Internet Security Systems AlertCon (2) => (1)
2006-09-27 02:41	JPCERT/CC JPCERT-AT-2006-0015: Microsoft Windows VML could allow remote code execution
2006-09-26 23:04	US-CERT TA06-262A: Microsoft Internet Explorer VML Buffer Overflow (Update) Update Alert via US-CERT Mailing List
2006-09-26	Microsoft Microsoft Security Advisory (922437): Vulnerability in Word Could Allow Remote Code Execution Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-055 to address this issue.
2006-09-26	Microsoft MS06-055: Vulnerability in Word Could Allow Remote Code Execution This update resolves a public vulnerability as well as additional issues discovered through internal investigations.
2006-09-25 23:41	SANS Internet Storm Center VML vuln being actively exploited Messagelabs has reported that E-cards are being used as an attack vector, exploiting the VML vulnerability in MS Internet Explorer to download malware.
2006-09-25	SANS Internet Storm Center Yellow: MSIE VML exploit spreading The VML exploit is now becoming more widespread, so we changed the InfoCon level to yellow to emphasize the need to consider fixes.
2006-09-25	MS Internet Explorer (VML) Remote Buffer Overflow Exploit (SP2) (pl) a proof-of-concept code for this vulnerability (CVE-2006-4868,VU#416092) #Cid: 20096_XP_SP0_SP1_2K.pl #Tested: Windows XP SP2 + IE6 SP1 #Tested: Windows XP SP1 + IE6 SP1 #Tested: Windows XP SP0 + IE6 #Tested: Windows 2000 SP4 + IE6 SP1 #Tested: Windows 2000 SP4 + IE6
2006-09-22 16:00	Internet Security Systems AlertCon (1) => (2)
2006-09-21	MS Internet Explorer (VML) Remote Buffer Overflow Exploit (XP SP1) a proof-of-concept code for this vulnerability (CVE-2006-4868,VU#416092) #Cid: 20096.pl #Tested: Windows XP SP1 + IE6 SP1 #Tested: Windows XP SP0 + IE6 #Tested: Windows 2000 SP4 + IE6 SP1 #Tested: Windows 2000 SP4 + IE6
2006-09-20 18:03	Bugtraq vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit a proof-of-concept code for this vulnerability (CVE-2006-4868,VU#416092) #Cid: vml.c #Tested: Windows 2000 Server [CN] + Internet Explorer 6.0 SP1
2006-09-20 08:41	Symantec Trojan.Vimalov: A zero-day exploit in VML, in Internet Explorer
2006-09-20 07:34	JPCERT/CC JPCERT-AT-2006-0015: Microsoft Windows VML could allow remote code execution
2006-09-20	Trend Micro IE Zero Day + Web Attacker Kit We've just received reports of several sites using the new IE zero-day exploit in conjunction with a Web Attacker kit.
2006-09-19 22:30	US-CERT TA06-262A: Microsoft Internet Explorer VML Buffer Overflow Via US-CERT Mailing List
2006-09-19	Internet Security Systems Microsoft Internet Explorer Vector Markup Language Exploit Alert
2006-09-19	Microsoft Microsoft Security Advisory (922437): Vulnerability in Word Could Allow Remote Code Execution Microsoft has confirmed new public reports of a vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML) Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability.
2006-09-19	SANS Internet Storm Center Yet another MSIE 0-day: VML
2006-09-19	MS Internet Explorer (VML) Remote Denial of Service Exploit PoC a proof-of-concept code for this vulnerability (CVE-2006-4868,VU#416092) #Cid: 20096.html
2006-09-18 10:18	Sunbelt Software. Seen in the wild: Zero Day exploit being used to infect PCs
2006-09-18	Symantec Trojan.Vimalov Exploit for VML Buffer Overrun Vulnerability(bid20096)


Date first published (UTC):	2006-09-22T05:30+00:00
Date last updated (UTC):	2006-09-28T15:40+00:00