Microsoft Internet Explorer-“ VML”填充方法代码执行（MS06-055）（Metasploit）

2023-12-14 04:25:32 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

CVE编号

CVE-2006-4868

利用情况

暂无

补丁情况

N/A

披露时间

2006-09-20

在Windows XP SP2上的Microsoft Outlook和Internet Explorer 6.0中以及可能在其他版本上使用的矢量图形渲染引擎（vgx.dll）中基于堆栈的缓冲区溢出，使远程攻击者可以通过矢量标记语言（VML）执行任意代码）文件，并在rect标签内使用长填充参数。

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://blogs.securiteam.com/index.php/archives/624
http://secunia.com/advisories/21989
http://securitytracker.com/id?1016879
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
http://support.microsoft.com/kb/925486
http://www.kb.cert.org/vuls/id/416092
http://www.microsoft.com/technet/security/advisory/925568.mspx
http://www.osvdb.org/28946
http://www.securityfocus.com/archive/1/446378/100/0/threaded
http://www.securityfocus.com/archive/1/446505/100/0/threaded
http://www.securityfocus.com/archive/1/446523/100/0/threaded
http://www.securityfocus.com/archive/1/446528/100/0/threaded
http://www.securityfocus.com/archive/1/446881/100/200/threaded
http://www.securityfocus.com/archive/1/447070/100/0/threaded
http://www.securityfocus.com/archive/1/448552/100/0/threaded
http://www.securityfocus.com/bid/20096
http://www.us-cert.gov/cas/techalerts/TA06-262A.html
http://www.vupen.com/english/advisories/2006/3679
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055
https://exchange.xforce.ibmcloud.com/vulnerabilities/29004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...