CVE-2006-4868

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer version 6.0 Microsoft Outlook (affected versions not specified) Microsoft Windows (affected versions not specified)

Description The issue is related to a stack-based buffer overflow in the Vector Graphics Rendering engine. It allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. An attacker could exploit this by constructing a specially crafted Web page or HTML e-mail, potentially allowing remote code execution if a user visited the Web page or viewed the message. This could give the attacker complete control of an affected system.

Recommendations For Microsoft Internet Explorer version 6.0, update to a newer version to mitigate the risk. For Microsoft Outlook, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Windows, at the moment, there is no information about a newer version that contains a fix for this vulnerability.