Hi folks, this is Geoff again, IE Program Manager focused on security updates. A Windows Security Update was released today for a vulnerability in the Windows VML (vector markup language) component that can result in remote code execution. Although this is not an IE code vulnerability, we feel it is important to mention that IE can be used as an attack vector for the exploit. We strongly recommend that you visit Microsoft Update or Windows Update to check for this and any other critical security updates required to protect your system(s) from potential attacks.
For further information on this vulnerability and the location of the update please see the following links:
I also want to mention that IE7 on Vista IS NOT affected by this vulnerability as a newer version of the control was released in Windows Vista.
Thank you for taking the time to read this post and have a great day!
Geoff Silva
Program Manager
Comments
Anonymous
January 09, 2007
Uh, does anyone anywhere actually use the vector markup? I can't think of a single instance anywhere. An exploit might be the single actual instance of it being used. Anyone? A good example might be interesting (non exploit, preferably)
Anonymous
January 09, 2007
The comment has been removed
Anonymous
January 09, 2007
"I also want to mention that IE7 on Vista IS NOT affected by this vulnerability as a newer version of the control was released in Windows Vista." Well, but at least Windows Vista RC1 is affected, even though IE7 on Vista may not be: http://www.microsoft.com/downloads/details.aspx?FamilyID=052484bf-2fd4-4922-b1a9-1f0da9bc727b&DisplayLang=en
Bye, Freudi
Anonymous
January 09, 2007
The comment has been removed
Anonymous
January 09, 2007
@Ottmar Windows Vista RTM is NOT affected.
Anonymous
January 09, 2007
Thanks for mentioning, glad I read this before Windows Update notified me it had downloaded new updates. (Anyone else hate self-proclaimed security software that thinks your computer is insecure when you've set it to "download" and KEEPS reminding you of it EVERY TIME YOU LOG ON TO WINDOWS?!)
Anonymous
January 10, 2007
The comment has been removed
Anonymous
January 11, 2007
@Xepol You want an example of an application that uses VML? Google Earth uses VML to draw polylines.
@Mark I doubt any other browsers use the VML plugin as they have moved on to bigger and better things, e.g. SVG and canvas.
Anonymous
January 11, 2007
The comment has been removed