Tech Watch | InfoWorld Staff

September 19, 2006

New IE 0-day targets VML

Security experts at Symantec, Sunbelt Software, iDefense, the SANS Internet Storm Center, U.S. CERT and others are warning about a nasty and previously undiscovered (0day) vulnerability in the Internet Explorer Web browser.

According to reports, the new exploit targets IE's support of Vector Markup Language (VML), which is a set of XML tags for drawing vector graphics. According to U.S. CERT, "IE fails to properly handle malformed VML tags allowing a stack buffer overflow to occur."

Sunbelt gets the credit for outing this one. The company said it discovered the exploit in the wild yesterday, being served from some porn sites, and that it is "on again off again" at a number of Web sites. Check out the Sunbelt blog for some screenshots of the exploit at work.

The exploit allows malicious hackers to break into a fully patched Windows system and run code with the privileges of the local user. Sunbelt said the version it spotted downloaded spyware following the successful exploit.

Microsoft has not issued an official statement on the new hole. But given the IE 0day reported last week in the Microsoft DirectAnimation Path ActiveX control, they're probably pretty busy over there.

With remote exploitation via Web-based drive-by download and no patch available, the best recommendation for now is to stop using IE, according to SANS. Symantec advises network administrators to "ensure that outgoing Web access is limited to trusted web sites only, which will limit exposure to attacks."

Posted by Paul Roberts on September 19, 2006 10:37 AM

