The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Internet Explorer: code execution via VML

Synthesis of the vulnerability

An attacker can invite the victim to display a malicious VML image, in order to execute code on his computer.
Severity of this bulletin: 4/4.
Creation date: 12/02/2013.
Références of this threat: 2797052, BID-57852, CERTA-2013-AVI-114, CVE-2013-0030, MS13-010, VIGILANCE-VUL-12411.

Description of the vulnerability

The VML format (Vector Markup Language) stores vector images in XML.

However, malicious VML data corrupt IE memory.

An attacker can therefore invite the victim to display a malicious VML image, in order to execute code on his computer.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness alert impacts software or systems such as IE, Windows RT.

Our Vigil@nce team determined that the severity of this weakness note is critical.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this weakness bulletin.

Solutions for this threat

Internet Explorer: patch for VML.
A patch is available:
Windows XP SP3
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=daed0c2e-bd9a-4685-a5f9-1c01f7fdeccf
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=fd693211-bcc8-4267-9aa1-86bac45e25bf
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=e8924d23-f6e2-41bf-9542-f8991d084db9
Windows XP x64 SP2
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=dd9383b9-a6df-44a7-bea9-8f7d088bc488
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=b042e717-bf4e-44a1-a1ba-6359bf551e8e
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=c8618c96-25c0-415b-b147-5713ec5ab5b1
Windows 2003 SP2
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=9b96ebfc-93e9-41bb-81f9-35c433ca5479
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=b902617d-1f35-4b17-9a44-235c0d3c27d2
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=47ca5d22-b957-4ac9-91e9-c440b0614728
Windows 2003 x64 SP2
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=b3ca28b1-9d3c-4df5-b8d7-f31d70f6e714
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=e13c9366-9cb6-4e62-bf6c-a09fe7842463
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=80aab9c7-4511-4d44-b570-c77cdb50e542
Windows 2003 Itanium SP2
  Internet Explorer 6
    http://www.microsoft.com/downloads/details.aspx?FamilyID=63791740-00e2-4569-967e-36086efe6ca6
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=d1a9b2b2-191c-4ffe-9c8a-8ef641a45eb7
Windows Vista SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=4f946407-cd81-48b5-a279-1ab81388b70b
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=e0cfc24f-293c-4817-a69c-f9cfd514e1c1
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=4fab0417-5c9a-4e5d-864d-b1b3bee6fc89
Windows Vista x64 SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=6ffb3215-1c90-4eb2-9143-0866efc98374
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=649dbf4e-654b-48a2-bd35-2df7f34fbb56
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=44fbe00c-eeb4-4a80-a934-7ce58c02d6ec
Windows Server 2008 32-bit SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=d432acb3-10a0-4f4c-a793-381aedd4bdd1
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=b91ce04a-a464-4388-9386-54dd2815b8dd
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=58f0810c-f253-4740-ac9f-75b8a4506b06
Windows Server 2008 x64 SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=152f90b3-efae-42e6-a845-59052383a8a0
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=304ac41e-b4e5-4bf8-94d2-f2bd9a07bcff
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=7b85336a-d3f7-4077-b6eb-55b3042f5335
Windows Server 2008 Itanium SP2
  Internet Explorer 7
    http://www.microsoft.com/downloads/details.aspx?FamilyID=1a2af9dc-e9a7-477e-9943-8132eb7fea81
Windows 7 for 32-bit RTM, SP1
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=d7d64177-deec-4fd3-9716-b7816fe3c623
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=04a101c6-d553-426f-b3cd-412eefeec580
Windows 7 for x64 RTM, SP1
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=d503795a-b1a3-48dc-b1e6-27628aeb150a
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=36eb59be-6703-40c0-b01c-0fffb1456719
Windows Server 2008 R2 x64 RTM, SP1
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=7a36109b-f1e2-4cde-9ede-9f7449c5412c
  Internet Explorer 9
    http://www.microsoft.com/downloads/details.aspx?familyid=be2fd20a-4c37-47a6-a322-e16acd99db2c
Windows Server 2008 R2 Itanium RTM, SP1
  Internet Explorer 8
    http://www.microsoft.com/downloads/details.aspx?familyid=c2e1c1b3-5b75-47cf-91d5-82d413b358e6
Windows Server 8 for 32-bit
  Internet Explorer 10
    http://www.microsoft.com/downloads/details.aspx?familyid=0389b515-59bf-4733-aab4-ffb822efdbea
Windows Server 8 for 64-bit
  Internet Explorer 10
    http://www.microsoft.com/downloads/details.aspx?familyid=c1859853-d43f-4497-b212-e6a4daa43485
Windows Server 2012
  Internet Explorer 10
    http://www.microsoft.com/downloads/details.aspx?familyid=3b39813e-5ee2-412e-b1f1-a16617a70f43
Windows RT
  The update is available via Windows Update.
The Microsoft announce indicates workarounds.
The article 2797052 indicates known problems:
  http://support.microsoft.com/kb/2797052
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides systems vulnerabilities alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.