kurt wismer wrote:

> > I don't recall that it was ever shown that any AV product
> > prevented, for example, IE from crashing when exposed to
> > test samples of the VML vulnerability.
>
> i don't recall it either, but that doesn't mean it didn't happen..


Why don't you try something, then?

Swap out your patched vgx.dll for an older one, then try this page:

http://209.85.165.104/search?q=cache...lnk&cd=1&gl=ca

It's the Google cached version of this:

http://zert.isotf.org/testvml.htm

or this:

http://www.isotf.org/zert/testvml.htm

Which doesn't seem to exist any more, but was designed to trigger the
VML vulnerability.

Presumably NOD-32 should intercept the code before IE is crashed by
it.