There is a vulnerability in Microsoft Internet Explorer that can be exploited by an attacker to execute arbitrary code on the target system. Systems can be exploited when browsing to web pages infected with the malicious code. These infected web pages are now becoming more widespread, and in response SNS is advising all campus users to take measures to mitigate this threat. There is no patch available for this vulnerability yet, but the following actions can be taken to reduce the risk to your systems (for a layered approach, take as many of these actions as is appropriate in your environment):

1) Make sure all systems are running anti-virus software with current definitions and auto-update enabled.
2) Unregister the vulnerable dll: Click Start, click Run, type: regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll" and then click OK (highly recommended, but may cause problems viewing the few websites that render VML).
3) Configure IE6 for Windows XP SP2 to disable Binary and Script behaviors (check Microsoft's advisory page: http://www.microsoft.com/technet/security/advisory/925568.mspx for details on how to do this).
4) Use an alternate web browser until a patch is issued by Microsoft.
5) Configure your email client to display mail as plain text rather than HTML (an HTML email containing the malicious code can also be a vector).
6) Use care when browsing -- do not follow untrusted links sent via email or suspicious links from other sites (but do not rely on this for protection as previously safe sites could become infected with the malicious code).

For more information about this vulnerability:
http://www.microsoft.com/technet/security/advisory/925568.mspx
http://www.kb.cert.org/vuls/id/416092
http://www.symantec.com/enterprise/security_response/vulnerability.jsp?bid=20096

--
Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu
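
Step 2 as a startup script, for machines where typing the command by hand is impractical. This is an added example, not part of the original advisory; the silent /s switch, the explicit regsvr32 paths and the handling of a 32-bit copy on 64-bit Windows are assumptions beyond the advisory's command.

```batch
@echo off
rem Added example, not part of the original advisory.
rem Silently unregisters vgx.dll. Run with administrator rights.
rem Exit code 0 = every copy found was unregistered, 1 = at least one failure.
setlocal
set "RC=0"

rem %CommonProgramFiles% is the same folder the advisory writes as
rem %ProgramFiles%\Common Files.
call :unreg "%SystemRoot%\System32\regsvr32.exe" "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

rem Assumption: 64-bit Windows also carries a 32-bit copy under the (x86)
rem tree; it is handled with the 32-bit regsvr32 from SysWOW64.
if defined CommonProgramFiles(x86) call :unreg "%SystemRoot%\SysWOW64\regsvr32.exe" "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

exit /b %RC%

:unreg
rem %1 = regsvr32 executable, %2 = full path to the DLL.
rem Paths stay quoted in echo so "(x86)" cannot break the parser.
if not exist "%~2" echo SKIP "%~2" not found& goto :eof
rem /u = unregister, /s = no message boxes (needed for unattended runs).
"%~1" /u /s "%~2"
if errorlevel 1 set "RC=1"& echo FAIL "%~2"& goto :eof
echo OK   "%~2" unregistered
goto :eof
```

Running the same regsvr32 command without /u registers the DLL again.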