Monday, September 25, 2006

IE7 is immune to VML exploit

First of all.. what is the VML exploit?

First discovered by Sunbelt, the VML exploit allows a malicious website to install software without your knowledge or permission. The exploit uses a bug in VML in Internet Explorer to overflow a buffer and inject shellcode. Microsoft has been informed and we are hoping for a patch to be released in the October security update release.

Until then, the only way to protect your self from this exploit is to unregister the VML.dll or upgrade to IE7

Yes you did read correctly, IE7 is immune to this vulnerability. Fellow MVP, Sandi Hardmeier has written about this in her blog Spyware Sucks, not only are there some great screen shots but also links to further information.

If you are unable or unwilling to upgrade to IE7 then Bleeping Computer have recently posted an excellent tutorial on how to disable and unregister this dll.


Microsoft have released a security update today to address this issue..

Security Update for Windows XP (KB925486)
Date last published: 9/26/2006
Typical download size: 250 KB
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.