Microsoft Internet Explorer VML Vulnerability

• Microsoft Windows
• Microsoft Internet Explorer

A vulnerability in Microsoft Internet Explorer could allow an attacker to take control of your computer.

Solution

Apply Update

Microsoft has provided an update to address this vulnerability. To obtain this update, visit the Microsoft Update web site.

We also recommend enabling Automatic Updates.

Until the update can be applied, consider the following workarounds.

Disable Binary and Script Behaviors

Follow the steps in Microsoft Security Advisory (925568) under the section titled "Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone."

Do not follow unsolicited links

Do not click on unsolicited URLs, including those received in email, instant messages, web forums, or internet relay chat (IRC) channels.

An attacker could exploit a vulnerability in Internet Explorer Vector Markup Language (VML) by convincing a user to open an HTML document such as a web site or an HTML email message. The attacker could then take any action as the user, including installing malicious software and accessing sensitive personal information.

For more technical information, see Vulnerability Note VU#416092.

References

• Vulnerability Note VU#416092 - <http://www.kb.cert.org/vuls/id/416092>
• Microsoft Security Bulletin MS06-055 - <http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx>
• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
• Microsoft Security Advisory (925568) - <http://www.microsoft.com/technet/security/advisory/925568.mspx>
• 4 steps to help ward off hackers and attackers - <http://www.microsoft.com/athome/security/online/browsing_safety.mspx>
• Microsoft Security Essentials - <http://www.microsoft.com/protect/>

.

Revision History

• September 19, 2006: Initial release
  September 26, 2006: Added update information and added a reference to Microsoft's update