HTTP: Internet Explorer VML Fill Overflow
This signature detects attempts to exploit a known vulnerability in Windows Internet Explorer. A malicious Web site can exploit Web pages containing dangerous Vector Markup Language (VML) descriptions that cause buffer overflows. A successful attacker can gain control of the client browser.
Extended Description
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that arises because of an error in the processing of Vector Markup Language documents. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. The method currently used to exploit this issue will typically terminate Internet Explorer. This vulnerability is currently being exploited in the wild as 'Trojan.Vimalov'. This vulnerability affects Internet Explorer version 6.0 on a fully patched system. Previous versions may also be affected. Update: Microsoft Outlook 2003 is also an attack vector for this issue, since it uses Internet Explorer to render HTML email. Reportedly, attacks are possible even when active scripting has been disabled for email viewing.
Affected Products
Avaya s8100_media_servers,Microsoft windows_xp_media_center_edition
Short Name
HTTP:STC:IE:VML-FILL-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-3866 CVE-2006-4868 Explorer Fill Internet Overflow VML bid:20096
Release Date
09/19/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
9.3