Some days ago has been found new Zero day exploit. The exploit uses a bug in VML in Internet Explorer to overflow a buffer and inject shellcode. It is currently on and off again at a number of sites.
The vulnerability is caused due to a boundary error in the Microsoft Vector Graphics Rendering(VML) library (vgx.dll) when processing certain content in Vector Markup Language (VML) documents. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a malicious VML document containing an overly long “fill” method inside a “rect” tag with the Internet Explorer browser.
Successful exploitation allows execution of arbitrary code with the privileges of the application using the vulnerable functionality in the library.
For block the VML Exploit, try next:
1. Click Start, click Run, type “regsvr32 -u “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll ” (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: Applications that render VML will no longer do so once Vgx.dll has been unregistered. To undo this change, re-register Vgx.dll by following the above steps. Replace the text in Step 1 with “regsvr32 “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll” (without the quotation marks).
