Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system
1) An integer overflow error in the Vector Markup Language (VML) implementation when processing recolorinfo sections can be exploited to cause a heap-based buffer overflow via e.g. a specially crafted web page or HTML e-mail.
Successful exploitation allows execution of arbitrary code.
NOTE: According to Microsoft, this vulnerability is being actively exploited.
2) A signedness error in the Vector Markup Language (VML) implementation when handling shape types can be exploited to reference user-controlled memory and cause a memory corruption, which may allow execution of arbitrary code.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Windows Vector Markup Language Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.