Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
info
discussion
exploit
solution
references
Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
References:
Heap Spraying: Exploiting Internet Explorer VML 0-day XP SP2
(Niega)
[1st NEWS] Analysis of CVE-2006-4868 and Patch Description
(ZERT)
Analysis of CVE-2006-4668 and Patch Description
(ZERT)
Disabling Javascript no longer a valid mitigation for VML exploit
(Eric Sites)
Internet Explorer Homepage
(Microsoft)
Internet Explorer VML Zero-Day Mitigation
(Matthew Murphy)
Microsoft Security Advisory (925568) - Vulnerability in Vector Markup Language C
(Microsoft)
Microsoft Security Bulletin MS06-055 - Vulnerability in Vector Markup Language C
(Microsoft)
More options on protecting against recent IE vulnerabilities on a domain
(Jesper)
MPack Uncovered (pdf document)
(PandaLabs)
New Internet Explorer Zero-Day being utilized.
(Websense)
Released Patches Page
(ZERT)
SALVO - Stack Overflow in IE 6.x VML. This code will crash IE, and an exploit is
(Immunity)
SALVO - Working exploit for stack overflow in IE VML
(Immunity)
Seen in the wild: Zero Day exploit being used to infect PCs
(Eric Sites)
The VML Flaw Harms Outlook 2003 As Well
(Portalit)
Trojan.Vimalov
(Symantec Corp.)
Vulnerability Note VU#416092 - Microsoft Internet Explorer VML stack buffer over
(US-CERT)
Windows VML Vulnerability FAQ (CVE-2006-4868
(Juha-Matti)
Yet Another Internet Explorer Zero Day
(eEye)
Zero-Day Response Team Launches with Emergency IE Patch
(eWeek)
Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)]
(Susan Bradley)
Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)]
("Bojan Zdrnja"
)
Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()]
(Gadi Evron
)
Avaya security advisory ASA-2006-238
(Avaya)
Privacy Statement
Copyright 2009, SecurityFocus
