Executive Summary
Summary | |
---|---|
Title | Microsoft Windows VML compressed content integer underflow |
Informations | |||
---|---|---|---|
Name | VU#468800 | First vendor Publication | 2007-08-14 |
Vendor | VU-CERT | Last vendor Modification | 2007-08-17 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#468800Microsoft Windows VML compressed content integer underflowOverviewMicrosoft Windows VML fails to properly handle compressed content, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionMicrosoft IE version 5.0 and higher supports the Vector Markup Language (VML), which is a set of XML tags for drawing vector graphics. VGX.DLL provides VML support for Internet Explorer. VGX.DLL contains an integer underflow vulnerability in the handling of compressed VML content.II. ImpactBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.III. SolutionApply an updateThis issue is addressed by Microsoft Security Bulletin MS07-050. This bulletin provides an updated version of VGX.DLL.
Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Do not follow unsolicited links In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting. Disable Active Scripting Although this vulnerability does not require Active Scripting to be enabled, known exploits targeting this issue use Active Scripting to place malicious code on a vulnerable system. To block this attack vector, it is recommended that Active Scripting be disabled. For instructions on how to disable Active Scripting in Microsoft Internet Explorer, please refer to the Internet Explorer section of the Securing Your Web Browser document. Systems Affected
Referenceshttp://www.us-cert.gov/reading_room/securing_browser/ Thanks to Microsoft for reporting this vulnerability, who in turn credit eEye Digital Security. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/468800 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1784 | |||
Oval ID: | oval:org.mitre.oval:def:1784 | ||
Title: | VML Buffer Overrun Vulnerability | ||
Description: | Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-1749 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2010-07-08 | Name : Microsoft Windows Vector Markup Language Buffer Overflow (938127) File : nvt/ms07-050.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36390 | Microsoft Windows Vector Markup Language (VML) VGX.DLL CDownloadSink Class Ov... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-08-16 | IAVM : 2007-A-0045 - Microsoft Internet Explorer Vector Markup Language Remote Code Execution Vuln... Severity : Category II - VMSKEY : V0014825 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer VML source file memory corruption attempt RuleID : 12282 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer VML source file memory corruption attempt RuleID : 12281 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer VML source file memory corruption attempt RuleID : 12280 - Revision : 17 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-08-14 | Name : Arbitrary code can be executed on the remote host through the email client or... File : smb_nt_ms07-050.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:28:03 |
|
2013-05-11 12:26:37 |
|