Home » Story links » Nov1's story links

New VML exploit found, considered unreliable

Link: http://www.scmagazine.com/us/news/article/626623/new-vml-exp...
Points: 1173 views User: Nov1 Comments: 2 Comments Tag:

Hours after hackers posted public code designed to take advantage of the recently patched Microsoft vector markup language (VML) vulnerability, VeriSign iDefense security researchers discovered a private, in-the-wild exploit attacking the bug.

Users could be affected if they visit a website exploiting the integer overflow vulnerability and if they have not patched their systems with the latest fix, released Jan. 8, said Ken Dunham, director of VeriSign iDefense Rapid Response Team.

But the exploit is not widespread and appears unreliable following a round of tests this morning, Dunham said. "It doesn't work all the time, even if you have an unpatched machine," he told SCMagazine.com today.

According to a Microsoft bulletin, the vulnerability could permit an attacker to execute remote code and take "complete control of an affected system."


Email: Email this Story to a Friend

Direct link to the exploit

Submitted by Param on Wed, 2007-01-17 19:38.

Here is the direct link to exploit - Milworm - MS07-004 VML integer overflow exploit

»

Another MS07-004 Exploit Released...

Submitted by Param on Thu, 2007-01-18 15:41.

Here is the direct link to exploit - Milworm - MS07-004 VML integer overflow exploit (2)

»

Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <h1> <quote> <img>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.