September 22, 2006
Microsoft VML vulnerability [ Software ]
There exists a "0-day" vulnerability for Internet Explorer and other Microsoft apps (Outlook and Office, at least) which use VML (a language extension to XML). While exploit code is in the wild, and some PCs are already being exploited with variants of this code, there is not yet any large-scale virus or worm exploiting this vulnerability.
Edit 2006-09-22 2:08pm EDT:
See the SunBeltBlog entry for a two-step method that also works with international versions of Windows, and for a way to use GPOs in Active Directory to block the VML vulnerability on a domain.
Microsoft's official write-up is at http://www.microsoft.com/technet/security/advisory/925568.mspx.
Their suggested workaround is to un-register vgx.dll.
I've copied and pasted the appropriate commands and saved them as text files named ms925568-vml.txt and ms925568-vml-undo.txt. To run the commands manually, download and save the text file. Rename it with a .bat extension, and double-click on the file.
Alternatively, you can copy the text within the appropriate file, go to Start -> Run, paste the copied text into that dialog box, and click "OK".
If the un-registration is successful, you will see a dialog box pop up titled "RegSvr32", with the text "DllUnregisterServer in C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll succeeded."

You then need to reboot your PC (logging off and logging back in may be sufficient, but Microsoft recommends a full restart) to complete this workaround.
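For unattended use (a login script, or the GPO route mentioned above), the same workaround can be applied without the "RegSvr32" dialog and checked by exit code. The script below is an added example, not the contents of ms925568-vml.txt or Microsoft's own text; the `undo` argument and the handling of a second copy under `%CommonProgramFiles(x86)%` on 64-bit Windows are assumptions of this example.

```batch
@echo off
setlocal
rem Added example: silent un-register / re-register of vgx.dll.
rem   script.bat        -> un-register (apply the workaround)
rem   script.bat undo   -> re-register (reverse the workaround)
rem The "undo" argument is this script's own convention.

set "FLAG=/u"
if /i "%~1"=="undo" set "FLAG="
set "RC=0"
set "SEEN=0"

rem Default location, matching the path shown in the RegSvr32 dialog.
call :apply "%CommonProgramFiles%"
rem Assumption: 64-bit Windows may carry a 32-bit copy under the x86 tree.
if defined CommonProgramFiles(x86) call :apply "%CommonProgramFiles(x86)%"

if "%SEEN%"=="0" echo vgx.dll not found in the expected location; nothing changed.
rem Non-zero exit code lets a deployment tool flag machines that need attention.
exit /b %RC%

:apply
set "DLL=%~1\Microsoft Shared\VGX\vgx.dll"
if not exist "%DLL%" goto :eof
set "SEEN=1"
rem /s suppresses the success/failure dialog; the result is read from errorlevel.
regsvr32 /s %FLAG% "%DLL%"
if errorlevel 1 (
    echo FAILED: regsvr32 %FLAG% "%DLL%"
    set "RC=1"
) else (
    echo OK: regsvr32 %FLAG% "%DLL%"
)
goto :eof
```

Run it from an account with administrative rights; the restart described above is still required afterwards.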
Posted by edobbs at September 22, 2006 01:58 PM
Original content copyright ©1995-2006 Eric Dobbs, except where otherwise noted.
