Description:
There exists an integer overflow vulnerability in the Vector Markup Language (VML) implementation of Microsoft Windows products. This update resolves the said vulnerability, as well as other issues discovered internally.
Vector Markup Language (VML) is an XML-based exchange, editing, and delivery format for high-quality vector graphics on the Web that meets the needs of both productivity users and graphic design professionals. XML is a simple, flexible, and open text-based language that complements HTML.
The vulnerability is due to the insufficient input validation passed to the VML tag recolorinfo together with the sum of the attribute values numcolors and numfills exceeding 97612893. This leads to a heap buffer overrun, which can result to arbitrary remote code execution in the context of the logged-in user.
An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML email message that could potentially allow remote code execution if a user visited the Web page or viewed the message using the affected products.
When using vulnerable Microsoft Office applications, if a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | 
Save & Share
