HOME > VULNERABILITY NOTES


   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-92
Microsoft Internet Explorer Vector Markup Language Code Execution Vulnerability

Original Issue Date: September 21, 2006
Updated on: September 28, 2006

Severity Rating: High

Systems Affected

  • Microsoft Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows XP Service Pack 1
  • Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 (Itanium)
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
  • Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 SE
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows Millennium Edition

Overview

A remote code execution vulnerability has been reported in Microsoft Internet Explorer that could be exploited by an attackers to take complete control of the vulnerable system.

Description

The vulnerability is caused due to a buffer overflow error in the Microsoft Vector Graphics Rendering library (Vgx.dll) while processing Vector Markup Language (VML) documents containing a "rect" shape with an overly long "fill" method.

The attacker could exploit this vulnerability by creating and hosting a malicious website and by persuading the user to visit the website typically by getting them click on a link to the website and could cause denial of service or execute the arbitrary code to take complete control of the vulnerable system.

It has been observed that vulnerability is being widely exploited by Trojan.Vimalov , EXPL_EXECOD.A, Exploit-VMLFill .

Workarounds

  • Un-register Vgx.dll on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
  • Modify the Access Control List on Vgx.dll to be more restrictive
  • Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone.
  • Read e-mail messages in plain text format to help protect yourself from the HTML e-mail attack vector

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-055

References

Microsoft
http://www.microsoft.com/technet/security/advisory/925568.mspx

FrSIRT
http://www.frsirt.com/english/advisories/2006/3679

Secunia
http://secunia.com/advisories/21989/

TrendMicro
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp
?VName=EXPL%5FEXECOD%2EA

Symantec
http://www.symantec.com/enterprise/security_response/writeup.jsp
?docid=2006-091914-1801-99

McAfee
http://vil.nai.com/vil/content/v_140629.htm

CVE Name
CVE-2006-4868

Revisions:
September 28, 2006: Solution.

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003