HighRealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Desktop, Proventia Network IPS, Proventia Server IPS for Linux technology, RealSecure Desktop, Virtual Server Protection for Vmware:
This signature detects a heap overflow in a VML document.
High
RealSecure Server Sensor: XPU 24.55, RealSecure Network: XPU 24.55, BlackICE Server Protection: 3.6.cqa, BlackICE PC Protection: 3.6cqa, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.1950, Proventia Network MFS: XPU 1.94, Proventia-G 1.1 and earlier: XPU 24.55, Proventia Network IDS: XPU 24.55, Proventia Desktop: 1950, Proventia Network IPS: XPU 1.94, Proventia Server IPS for Linux technology: 1.94, RealSecure Desktop: eqa, Virtual Server Protection for Vmware: 1.0
Microsoft Internet Explorer: 6.0 SP1, Microsoft Internet Explorer: 5.01 SP4, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft Windows XP: SP2, Microsoft Windows 2003 Server: Itanium, Microsoft Windows 2003 Server: SP1, Microsoft Windows XP: x64 Professional, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft Internet Explorer: 7.0
Unauthorized Access Attempt
Microsoft Internet Explorer is vulnerable to a heap-based buffer overflow in the Microsoft Windows implementation of the Vector Markup Language (VML). By creating a malicious HTML document containing specially-crafted VML records, a remote attacker could overflow a buffer and execute arbitrary code on the system with permissions of the victim, if the attacker could persuade the victim to open the malicious file. An attacker could exploit this vulnerability by hosting the file on a Web site or sending it to a victim as an email attachment.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS07-004
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
http://www.microsoft.com/technet/security/bulletin/ms07-004.mspx
iDefense Labs PUBLIC ADVISORY: 01.09.07
Microsoft Windows VML Element Integer Overflow Vulnerability
https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=462
US-CERT Vulnerability Note VU#122084
Microsoft Internet Explorer VML buffer overflow
http://www.kb.cert.org/vuls/id/122084
Microsoft Security Bulletin MS07-050
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
http://www.microsoft.com/technet/security/bulletin/ms07-050.mspx
Microsoft Security Bulletin MS08-052
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx
Microsoft Security Bulletin MS09-004
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx
Microsoft Security Bulletin MS09-017
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx
Microsoft Security Bulletin MS09-062
Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
Microsoft Security Bulletin MS10-003
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
http://www.microsoft.com/technet/security/bulletin/ms10-003.mspx
Microsoft Security Bulletin MS10-004
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
http://www.microsoft.com/technet/security/bulletin/ms10-004.mspx
Microsoft Security Bulletin MS10-028
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
http://www.microsoft.com/technet/security/bulletin/ms10-028.mspx
Microsoft Security Bulletin MS10-036
Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235
http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx
Microsoft Security Bulletin MS10-056
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
http://www.microsoft.com/technet/security/bulletin/ms10-056.mspx
Microsoft Security Bulletin MS10-057
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
http://www.microsoft.com/technet/security/bulletin/ms10-057.mspx
Microsoft Security Bulletin MS10-079
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx
Microsoft Security Bulletin MS10-087
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
http://www.microsoft.com/technet/security/bulletin/ms10-087.mspx
Microsoft Security Bulletin MS10-105
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx
Microsoft Security Bulletin MS11-008
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
http://www.microsoft.com/technet/security/bulletin/ms11-008.mspx
Microsoft Security Bulletin MS11-029
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
http://www.microsoft.com/technet/security/bulletin/ms11-029.mspx
Microsoft Security Bulletin MS11-021
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
http://www.microsoft.com/technet/security/bulletin/ms11-021.mspx
Microsoft Security Bulletin MS11-023
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
http://www.microsoft.com/technet/security/bulletin/ms11-023.mspx
Microsoft Security Bulletin MS11-045
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
http://www.microsoft.com/technet/security/bulletin/ms11-045.mspx
Microsoft Security Bulletin MS11-049
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx
Microsoft Security Bulletin MS11-060
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
http://www.microsoft.com/technet/security/bulletin/ms11-060.mspx
Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx
Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx
Microsoft Security Bulletin MS11-072
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
http://www.microsoft.com/technet/security/bulletin/ms11-072.mspx
Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096
Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096
Microsoft Security Bulletin MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
http://technet.microsoft.com/en-us/security/bulletin/MS11-096
Microsoft Security Bulletin MS12-028
Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)
http://technet.microsoft.com/en-us/security/bulletin/ms12-028
Microsoft Security Bulletin MS12-029
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
http://technet.microsoft.com/en-us/security/bulletin/ms12-029
Microsoft Security Bulletin MS12-034
Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
http://technet.microsoft.com/en-us/security/bulletin/ms12-034
ISS X-Force
Microsoft Internet Explorer VML record buffer overflow
http://www.iss.net/security_center/static/31287.php
CVE
CVE-2007-0024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0024