Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability

Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability

References:

Heap Spraying: Exploiting Internet Explorer VML 0-day XP SP2 (Niega)
[1st NEWS] Analysis of CVE-2006-4868 and Patch Description (ZERT)
Analysis of CVE-2006-4668 and Patch Description (ZERT)
Disabling Javascript no longer a valid mitigation for VML exploit (Eric Sites)
Internet Explorer Homepage (Microsoft)
Internet Explorer VML Zero-Day Mitigation (Matthew Murphy)
Microsoft Security Advisory (925568) - Vulnerability in Vector Markup Language C (Microsoft)
Microsoft Security Bulletin MS06-055 - Vulnerability in Vector Markup Language C (Microsoft)
More options on protecting against recent IE vulnerabilities on a domain (Jesper)
MPack Uncovered (pdf document) (PandaLabs)
New Internet Explorer Zero-Day being utilized. (Websense)
Released Patches Page (ZERT)
SALVO - Stack Overflow in IE 6.x VML. This code will crash IE, and an exploit is (Immunity)
SALVO - Working exploit for stack overflow in IE VML (Immunity)
Seen in the wild: Zero Day exploit being used to infect PCs (Eric Sites)
The VML Flaw Harms Outlook 2003 As Well (Portalit)
Trojan.Vimalov (Symantec Corp.)
Vulnerability Note VU#416092 - Microsoft Internet Explorer VML stack buffer over (US-CERT)
Windows VML Vulnerability FAQ (CVE-2006-4868 (Juha-Matti)
Yet Another Internet Explorer Zero Day (eEye)
Zero-Day Response Team Launches with Emergency IE Patch (eWeek)
Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] (Susan Bradley)
Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] ("Bojan Zdrnja" )
Technical Paper on the ZERT Patch and VML [was: Re: ZERT patch for setSlice()] (Gadi Evron )
Avaya security advisory ASA-2006-238 (Avaya)

Privacy Statement
Copyright 2010, SecurityFocus