CVE-2006-4868 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-4868
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4868

Description: Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/29004 ST 1016879 SAID Secunia Advisory: SA21989 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100 OSVDB 28946 MSKB http://support.microsoft.com/kb/925486 MS http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx MISC http://blogs.securiteam.com/index.php/archives/624 http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html HP http://www.securityfocus.com/archive/1/archive/1/448552/100/0/threaded CONFIRM http://www.microsoft.com/technet/security/advisory/925568.mspx CERT-VN 416092 CERT http://www.us-cert.gov/cas/techalerts/TA06-262A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/446881/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/446505/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/447070/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/446523/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/446528/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/446378/100/0/threaded BID 20096

Return to the previous page.