OCS ADVISORY NUMBER:
Vulnerability in Vector Markup Language (VML) Could Allow Remote Code Execution (MS13-010)
Vulnerability has been discovered within Microsoft's web browser, Internet Explorer, which could allow for remote code execution. The vulnerability is caused by the way the Vector Markup Language (VML) is processed by Internet Explorer. VML is an XML-based language used to produce and render vector graphics. Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the affected user, an attacker could then install programs, view, change, or delete data; or create accounts with full user rights.
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: High
Vulnerability has been discovered within Microsoft's Internet Explorer web browser which could allow for remote code execution within the context of the currently logged in user, potentially allowing for full control of a given system. This vulnerability is triggered when specially crafted data attempts to access VML allocated buffers.
Vector Markup Language is an XML-based language used to produce and render vector graphics akin to canvas-based graphic suites. Even though VML use has decreased with the advent of SVG, it is still supported within Internet Explorer.
Exploitation of this vulnerability is possible if a user visits or is directed to a website delivering a specially crafted webpage. Additionally, an attacker could send a user a specially crafted Microsoft Office document that hosts the IE-rendering engine. Successful exploitation could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the affected user, an attacker could then install programs, view, change, or delete data; or create accounts with full user rights.
We recommend the following actions be taken:
- Apply appropriate patches provided by Microsoft immediately after appropriate testing.
- Run all software as a non-privileged user to diminish the effects of the attack.
- Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources
- Remind users not to open e-mail attachments from unknown users or suspicious e-mail from trusted sources.
- Cyber Security Home
- Incident Reporting
- Breach Notification
- Cyber Advisories
- NYS Digital Forensics
- Cyber Tips Newsletter
- Keeping Kids Safe Online
- Local Government
- Policies and Resources
- NY-ISAC Secure Portal