A vulnerability has been discovered in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the processing of Vector Markup Language (VML) documents. This can be exploited by e.g. tricking a user into viewing a malicious VML document containing an overly long "fill" method inside a "rect" tag.
Successful exploitation allows execution of arbitrary code and is currently being exploited in the wild.
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Secunia Security
Reply With Quote