Friday, September 22, 2006

Vulnerability in Vector Markup Language Could Allow Remote Code Execution

Even if you have a fully patched XP/SP2/IE6 machine you are vulnerable to this exploit that uses a bug in Microsoft's vector graphic rendering engine - apparently Ad and warez sites are seizing on this bug exponentially and all it needs is for you to visit a site (or have an email show itself in the Outlook preview pane) that has one of these specially crafted images for you to get infected.

As ever, the fewer bits of nonesense in your browser the better, so de-register the faulty DLL for a worry-free life!

regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll

The more I think about it the less likely it is that you're reading this with IE - tech savy people use Firefox!

Have I mentioned noScript?

1 comment:

Kevin said...

Phil, Isn't this missing a quote at the end?