Microsoft Windows Vector Markup Language Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Microsoft Windows Vector Markup Language Vulnerabilities
Secunia Advisory:	SA23677	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2007-01-09
Last Update:	2007-01-16
Popularity:	30,517 views

Critical:	Extremely critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows XP Home Edition Microsoft Windows XP Professional

Software:	Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6.x Microsoft Internet Explorer 7.x

Binary Analysis:	BA30 :: Available for 1 Credit BA29 :: Available for 1 Credit

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2007-0024

Description: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system 1) An integer overflow error in the Vector Markup Language (VML) implementation when processing recolorinfo sections can be exploited to cause a heap-based buffer overflow via e.g. a specially crafted web page or HTML e-mail. Successful exploitation allows execution of arbitrary code. NOTE: According to Microsoft, this vulnerability is being actively exploited. 2) A signedness error in the Vector Markup Language (VML) implementation when handling shape types can be exploited to reference user-controlled memory and cause a memory corruption, which may allow execution of arbitrary code. Solution: Apply patches. Windows XP SP2: http://www.microsoft.com/downloads/de...=81FB6A72-AC8A-4B28-905F-A44691D69432 Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/de...=D06FD167-4F3E-4A2C-B52C-7426DDAD6828 Windows Server 2003 (optionally with SP1): http://www.microsoft.com/downloads/de...=4FEE481F-DACE-4EAC-9AFE-BC28ADD70CC5 Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsoft.com/downloads/de...=C517FB85-128E-43DB-A659-38AF32283716 Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/de...=FF4A1F24-C1E9-4223-965B-14C4793AAF96 Internet Explorer 5.01 SP4 on Windows 2000 SP4: http://www.microsoft.com/downloads/de...=B1C7F765-772C-4EEB-9438-BC820CB929E1 Internet Explorer 6 SP1 on Windows 2000 SP4: http://www.microsoft.com/downloads/de...=922A3569-85D1-4584-9B84-4AA7304C69BB Internet Explorer 7 on Windows XP SP2: http://www.microsoft.com/downloads/de...=55A0A6EC-FEFA-40BB-BB6B-3AAB50275A73 Internet Explorer 7 on Windows XP Pro x64 Edition: http://www.microsoft.com/downloads/de...=B5A8B1F2-6AF0-4F03-989C-C8DE2EACE71D Internet Explorer 7 on Windows Server 2003 (optionally with SP1): http://www.microsoft.com/downloads/de...=08E5CD2E-55C0-4AC9-859F-1B24497B31CE Internet Explorer 7 on Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsoft.com/downloads/de...=48B4D271-D494-4A5C-ABA8-11B3B4584902 Internet Explorer 7 on Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/de...=F9C3E0DE-DB66-4D83-829F-C93052BDB1FA Provided and/or discovered by: 1) Jospeh Moti 2) Discovered internally by the vendor. Changelog: 2007-01-10: Added US-CERT reference. 2007-01-16: Added information about additional vulnerability having been fixed. Original Advisory: MS07-004 (KB929969): http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462 Other References: US-CERT VU#122084: http://www.kb.cert.org/vuls/id/122084

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	10
New vulnerabilities:	33
Updated advisories:	14

Moderately // 7 views

PHP Auto Dealer "v_cat" SQL Injection Vulnerability

Less // 101 views

FreeRADIUS "dialup_admin" Insecure Temporary Files

Moderately // 110 views

PHP Realtor "v_cat" SQL Injection Vulnerability

Highly // 230 views

Opera Multiple Vulnerabilities

Moderately // 130 views

Hero DVD Player M3U Processing Buffer Overflow Vulnerability

Moderately // 123 views

Red Hat update for condor

Moderately // 120 views

Condor Multiple Vulnerabilities

Less // 261 views

Adobe Flash Player "Clickjacking" Security Bypass Vulnerability

Moderately // 133 views

Gentoo update for wordnet

Moderately // 164 views

Red Hat update for kernel

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.