Microsoft Patch MS06-055 Issued for VML Exploit
Microsoft Security Bulletin MS06-055:
Vulnerability in Vector Markup Language Could Allow Remote Code Execution - Patched
Published: September 26, 2006
This information deals with the VML vgx.dll buffer overflow vulnerability announced on September 19, 2006, and the VML exploits that are currently in the wild.
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx
VML Buffer Overrun Vulnerability - CVE-2006-4868:
A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft has issued an out-of-cycle patch for the Vector Markup Language vulnerability mentioned above and in a previous entry on my blog. This is a critical vulnerability and if you have not already obtained the patch you should do so immediately. Go to Windows Updates to receive it manually, or turn on Automatic Windows Updates (Control Panel > Automatic Updates), or visit the page linked to above and download the patch for your OS.
Undo the suggested Microsoft workaround if you applied it! See my extended comments for details.
Impact of Workaround: Applications that render VML will no longer do so once Vgx.dll has been unregistered. This security update does not automatically re-register vgx.dll so any applications that render VML will no longer do so until vgx.dll has been re-registered.
To re-register vgx.dll follow these steps:
Copy and paste this code into your Run box (Start > Run) and hit Enter:
regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
A dialog box appears to confirm that the registration process has succeeded. Click OK to close the dialog box.
If you get an error message and the code fails, try copying and pasting this command instead:
Click Start, click Run, and type, or copy and paste :
"%SystemRoot%\System32\regsvr32.exe" "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
and then click OK. A dialog box appears to confirm that the registration process has succeeded. Click OK to close the dialog box.
Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.
This weblog is licensed under a Creative Commons License.The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
