Internet Explorer 7 is vulnerable to the VML hole - patch now!

Posted: 10-Jan-2007 17:03

In September last year, I wrote about the Vector Mark-Up Language zero-day exploit for Internet Explorer, saying:

I'm waiting to hear from MS if IE7 too is vulnerable to the VML hole. It might be, as it looks like it too has support for VML...

I never heard back from Microsoft about whether or not IE7 is vulnerable to VML exploits. Today however, Windows Update delivered a patch for IE7, and it's marked "Critical". Here's what Microsoft Security Bulletin MS07-004 says:

What is the scope of the vulnerability?

This is a remote code execution vulnerability in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message.
If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

If you haven't patched, the workarounds are the same as described in my earlier blog entry.

However, I'm not very impressed by how Microsoft has handled this. Obviously, the hole has existed in IE7 (or the VML component to be more precise) throughout the betas and after it was released. Yet Microsoft was asked about this by me and I'm sure by others as well last year. I queried this in September already. Didn't anyone take notice at MS?

Wonder how many patched IE6 installations were made vulnerable anew after upgrading to IE7, either manually or via Windows Update?


Content copyright © Juha Saarinen.