Buffer overflow in Internet Explorer vgx.dll (VML flaw)

Causes a denial-of-service (crash) and can allow remote access

There's a previously unknown buffer-overflow vulnerability affecting Internet Explorer. Specifically, the new vulnerability exists within the Vector Markup Language (VML), a component that specifies vector images in an Extensible Markup Language (XML) document within IE. Current attacks try to execute Trojan horse programs that may allow remote access to a compromised system. While JavaScript is not necessary to exploit the vulnerability, the current attacks do use JavaScript. Thus the only workaround is to disable JavaScript within IE.

In response Microsoft has issued a rare, out-of-cycle patch. Microsoft traditionally issues new security patches on the second Tuesday of each month so that system administrators have time to test the patch before rolling it out to desktops on a network. But because details on how to make an exploit for this Internet Explorer have been posted on the Internet and because various third-party security vendors have issued their own patches, Microsoft rushed this patch.

Additional resources:

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.


    Discuss Buffer overflow in Internet Explorer vgx.dll...

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    Galaxy S6 fails to bring back Samsung's mojo