Trend Micro Security

Microsoft Internet Explorer VML Rect Fill Method Buffer Overflow

  危険度: : 緊急
  CVE識別番号: CVE-2006-4868,MS06-055

  概要

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1002061
  Trend Micro Deep Security DPI Rule Name: 1000776 - Microsoft Internet Explorer VML Rect Fill Method Buffer Overflow

  影響を受けるソフトウェア

  • Microsoft Internet Explorer 5.0.1 SP4
  • Microsoft Internet Explorer 6.0
  • Microsoft Outlook 2003