VML Exploit: InfoCon at Yellow

Submitted by Christopher on Fri, 2006-09-22 16:10

SANS ISC has raised the InfoCon to yellow due to increasing exploitation of the MSIE VML vulnerability I wrote about yesterday. Now is the time to impliment countermeasures. One that I haven't seen other places is that the generic buffer overflow protection in McAfee AntiVirus 8.0i appears to prevent successful exploitation. It is likely that other products that provide similar HIPS functionality also will work.

Be safe out there.