Results 1 to 5 of 5
  1. #1
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Latest security hole

    From Marc Liron. A Microsoft MVP:
    There is a new security risk that there has been discovered, that MS does not yet have a patchfix for.
    -----------------------------------------------------------------------

    The security "exploit" essentially revolves around the way that the Microsoft Internet Explorer browser handles a particular form of graphics known as "vector graphics".

    A properly crafted webpage can be created to exploit this problem and install almost anything the hacker/criminal wants on the target machine!

    In reality this will mean lots of spyware and malware to steal personal information such as bank accounts etc.

    Should I Be Worried?

    Yes and No.
    --------------------------------------------------------------------
    To read the full explanation and text of his message go to: NoPatch

    It seems common sense security and updated hotfixes will avoid MOST of these problems but until a patch is out, this is heads up.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,568
    Thanks
    5
    Thanked 1,056 Times in 925 Posts

    Re: Latest security hole

    This is not just an IE issue. It is a Windows issue with vgx.dll. ANY program that uses this dll is vulnerable. See Microsoft Security Advisory (925568): Vulnerability in Vector Markup Language Could Allow Remote Code Execution for a more thorough explanation.

    Joe
    Joe

  3. #3
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Latest security hole

    Am I correct in understanding that Firefox does not try to interpret VML. It just ignores it?

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,568
    Thanks
    5
    Thanked 1,056 Times in 925 Posts

    Re: Latest security hole

    I don't use FF. But, that is my understanding after a brief search. It appears that there may have been a plugin or two created.

    Joe
    Joe

  5. #5
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Latest security hole

    Microsoft has now released an update for the Vulnerability in VML. The update bulletin can be found together with the other bulletins in Microsoft Security Bulletin Summary for September, 2006.

    The direct link to MS06-055 (925486) is: Microsoft Security Bulletin MS06-055.

    For those who want to use this update and who has previously used a workaround to un-register the vgx.dll, a reminder:

    "This security update does not automatically re-register vgx.dll so any applications that render VML will no longer do so until vgx.dll has been re-registered."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •