iDefense Security Advisory - Remote exploitation of an integer overflow vulnerability in the Vector Markup Language (VML) support in multiple Microsoft products allows attackers to execute arbitrary code within the context of the user running the vulnerable application. This vulnerability exists due to insufficient input validation within vgx.dll. Two integer properties are multiplied together and no overflow check is performed. This could allow an attacker to force a memory allocation of a smaller amount of memory than is required. When copying user supplied data into the newly allocated memory, it is possible to overwrite a function pointer stored on the heap, which leads to the execution of arbitrary code. iDefense testing shows that Internet Explorer 6.0 bundled with Windows XP SP2 with all available security patches is vulnerable. Other versions of Internet Explorer, including those with all security updates applied, are also vulnerable. Older versions of Internet Explorer may also vulnerable.
cc02a2d31828272aa07f4e4211c32c642119a165cea1314af6ba67aedb689e40