Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability

Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability

Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that arises because of an error in the processing of Vector Markup Language documents.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. The method currently used to exploit this issue will typically terminate Internet Explorer.

This vulnerability is currently being exploited in the wild as 'Trojan.Vimalov'.

This vulnerability affects Internet Explorer version 6.0 on a fully patched system. Previous versions may also be affected.

Update: Microsoft Outlook 2003 is also an attack vector for this issue, since it uses Internet Explorer to render HTML email. Reportedly, attacks are possible even when active scripting has been disabled for email viewing.