Computer Protection Program Berkeley Lab
Ernest Orlando Lawrence Berkeley National Laboratory
Critical Vulnerabilities  

Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

Overview

A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Required

All Windows systems should apply the Microsoft patch. Make sure you reboot after the patch is installed.

Windows 2000 IE5 patch
Windows 2000 IE6 patch
Windows XP patch
Windows 2003 Server patch

Information about the patch and additional patch versions can be found here: http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

Windows 98, Windows 98 Second Edition, Windows Millennium Edition, and Windows NT have reached the end of their support life cycles. There is no patch available for these operating systems. If you have one of these legacy operating systems, you should prioritize upgrading.

Make sure you have antivirus installed and the virus definitions are current. Antivirus vendors are doing a good job thus far in keeping definitions updated. LBNL has a site license for Symantec antivirus which is available here.

Also a reminder that Mozilla Firefox is the lab standard web browser. If you use Internet Explorer you should consider switching to Firefox to avoid exposure to Internet Explorer vulnerabilities. The lab customized version of Mozilla Firefox can be downloaded here.

Threat Scenarios

The following section describes the common scenarios in which an attacker would try to use the VML vulnerability to compromise your PC.

  1. In a Web-based attack scenario, an attacker would have set up a malicious web page. The attacker would then have to persuade you to visit the web site, typically by getting you to click a link, or place the malicious files on a website you frequent. The Web-based attack scenario is similar to threats in the past where Internet Explorer or Mozilla had unpatched flaws. Users should always be careful about the websites they visit, but especially so with this new vulnerability.

  2. In an e-mail based attack, you would be persuaded to click on a link within a malicious e-mail or open an attachment in the e-mail. While the LBNL virus wall protects you from many of these attacks, there is still the threat of an e-mail virus not caught by the virus wall. Users should always be careful about opening e-mail attachments and using links in e-mail messages. If an e-mail appears questionable, please forward it to virusmaster@lbl.gov.

  3. In other attack scenarios, the attacker must get a malicious file onto your system. This could be accomplished via p2p, file sharing in instant messaging applications, open shares, etc. The user must then open the file, although it is purported that indexing programs such as Google Desktop could also trigger the malicious file. Like the Web-based attack scenario, this is not a new threat. If an attacker can place a malicious file on your system, or trick you into getting a malicious file via p2p or instant messaging file sharing, your system will be compromised.

Current Status

The following section lists the current status of this threat. This section is updated as conditions change.

  • Public exploit code is available
  • No widespread outbreaks reported
  • Microsoft has released a patch

Questions

If you have questions or comments, please send them to cppm@lbl.gov. If you require assistance getting the patch installed, please contact the help desk at x4357 or help@lbl.gov.

Links

The following are useful links for information about this vulnerability.

 
