CVE-2006-4868 Information

Description

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll) as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2 and possibly other versions allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.

Reference

http://blogs.securiteam.com/index.php/archives/624 http://secunia.com/advisories/21989 http://securitytracker.com/id?1016879 http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html http://support.microsoft.com/kb/925486 http://www.kb.cert.org/vuls/id/416092 http://www.microsoft.com/technet/security/advisory/925568.mspx http://www.osvdb.org/28946 http://www.securityfocus.com/archive/1/446378/100/0/threaded http://www.securityfocus.com/archive/1/446505/100/0/threaded http://www.securityfocus.com/archive/1/446523/100/0/threaded http://www.securityfocus.com/archive/1/446528/100/0/threaded http://www.securityfocus.com/archive/1/446881/100/200/threaded http://www.securityfocus.com/archive/1/447070/100/0/threaded http://www.securityfocus.com/archive/1/448552/100/0/threaded http://www.securityfocus.com/bid/20096 http://www.us-cert.gov/cas/techalerts/TA06-262A.html http://www.vupen.com/english/advisories/2006/3679 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055 https://exchange.xforce.ibmcloud.com/vulnerabilities/29004 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A100