MS VML Exploits in the Wild

On September 19th, Microsoft issued an advisory about a new vulnerability in their Vector Markup Language (VML) implementation.  While this code isn't used often, exploits have been created to leverage this vulnerability through Internet Explorer and Outlook.  At this time, there are no patches available from Microsoft although there are numerous reports of these active exploitation of the vulnerability.

The current workaround is to unregister the VML dll.  Instructions on how to do so can be found at the link below.  Note that unregistering this DLL could cause some applications to not function properly.

http://sunbeltblog.blogspot.com/2006/09/minor-change-to-vml-exploit-mitigation.html

Posted by Addam Schroll on September 25, 2006, in Handlers Log.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.

PDF files can be viewed in Adobe Acrobat Reader.