Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Windows : Microsoft Bulletins >> Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929629)

Vulnerability Assessment Details

Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929629)

Vulnerability Assessment Summary
Acertains the presence of update 929969

Detailed Explanation for this Vulnerability Assessment

Summary :

Arbitrary code can be executed on the remote host through the email client or
the web browser.

Description :

The remote host is running a version of Internet Explorer or Outlook Express
which is vulnerable to a bug in the Vector Markup Language (VML) handling routine
which may permit a possible hacker execute arbitrary code on the remote host by sending
a specially crafted email or by luring a user on the remote host into visiting
a rogue web site.

Solution :

Microsoft has released a set of patches for Windows 2000, XP and 2003 :

http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx

Network Security Threat Level:

High / CVSS Base Score : 8.0
(AV:R/AC:H/Au:NR/C:C/I:C/A:C/B:N)

Networks Security ID: 21930

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security

Cables, Connectors