 |
 |
 |
 |
 |
Information about your favorite browser: news, articles and more.
VML Flaw Threatens IE
Published September 20th, 2006 in All Categories, Exploits & Vulnerabilities, Internet Explorer, Internet Explorer 6
Microsoft’s implementation of the Vector Markup Language rendering engine has a vulnerability that
could lead to a buffer overflow and execution of arbitrary code.
Sunbelt Software’s Eric Sites, VP for research and development, posted about an in-the-wild exploit affecting Internet Explorer. The flaw allows for exploitation of a fully-patched system, triggered by visiting in their example an adult website link to malicious code.
Sites noted how they verified and double-checked the instance running on VMware to ensure it had been fully updated per Microsoft’s Baseline Security Analyzer. Despite being patched, the exploit created a buffer overflow and began to run code on the system, installing spyware as it executed. [tag]VML Flaw[/tag]VML Flaw Threatens IE
