Alerts
Alerts
Zero-Day Tracker
Common Name:
IE VML
Date Disclosed:
9/19/2006
Date Patched:
9/26/2006
Vendor:
Microsoft
Application:
Internet Explorer 5.01
Internet Explorer 6
Description:
A remote code execution vulnerability exists within Internet Explorer which may allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires minimal user-interaction.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
An ActiveX remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
Since this vulnerability is patched, the primary mitigation for this vulnerability would be to apply MS05-055. A third-party patch was also available from ZERT, but eEye suggests the removal of this patch since the official Microsoft patch is now available. Other mitigation included unregistering the VML dll, but that disables the use of VML rendering, which may be integral to some environments or custom apps.
Protection:
Microsoft Patch - MS06-055
Links:
CVE-2006-4868
First Public PoC Code Disclosure (Denial of Service)
Status:
9/26/2006: Patched - MS06-055
Common Name:
IE VML
Date Disclosed:
9/19/2006
Date Patched:
9/26/2006
Vendor:
Microsoft
Application:
Internet Explorer 5.01
Internet Explorer 6
Description:
A remote code execution vulnerability exists within Internet Explorer which may allow for a remote attacker to execute arbitrary code under the context of the logged in user. This vulnerability requires minimal user-interaction.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
An ActiveX remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
Since this vulnerability is patched, the primary mitigation for this vulnerability would be to apply MS05-055. A third-party patch was also available from ZERT, but eEye suggests the removal of this patch since the official Microsoft patch is now available. Other mitigation included unregistering the VML dll, but that disables the use of VML rendering, which may be integral to some environments or custom apps.
Protection:
- eEye's Blink® Personal Edition protects from this vulnerability.
- eEye's Blink® Professional Edition protects from this vulnerability.
- eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Microsoft Patch - MS06-055
Links:
CVE-2006-4868
First Public PoC Code Disclosure (Denial of Service)
Status:
9/26/2006: Patched - MS06-055
