Hi everyone. As you may have noticed there has been a bit of attention on an Internet Explorer zero day vulnerability released to the public by our friends over at Sunbelt software. You can read their report here; http://secunia.com/advisories/21989/.
We have confirmed in our research that this flaw does in fact exist and is actually very easy to exploit. The flaw itself exists in _IE5_SHADETYPE_TEXT::Text in VGX.DLL and is a stack overflow that can be triggered by as little as 260bytes. If you are one of the lucky ones to be an eEye Blink customer our Blink product proactively protects you from this. There have been reports of various adult web sites using this to install spyware. We are working on getting a list of those sites and will share that information here once we have it.
You can prevent this by disabling Active Scripting which as most of you know isn't the greatest mitigation as it potentially impacts various applications. You can also unregister VGX.DLL but as with disabling Active Scripting this will only prevent known attacks and will prevent legitimate applications that use VML from displaying properly or even working at all.
Comments