Wednesday, September 20, 2006

VML Exploit and PDF problems.

A new Microsoft Internet Explorer vulnerability has been disclosed publicly that affects the Vector Markup Language processing. A victim would need to visit or be coerced to visit a website that hosted the malicious VML content. Exploitation in the wild has been detected. Microsoft has acknowledged the issue with Security Advisory 925568. And it doesn't stop with this ...
Several new Adobe pdf vulnerabilities were recently announced. The author claims these are basic vulnerabilities in the pdf API or architecture. The author tested his poc's against Acrobat reader and Adobe professional. The details are available here:
http://michaeldaw.org/ or
http://www.eweek.com/article2/0,1895,2016606,00.asp
I predicted about one year ago now that we will face problems with this kind of software. I even wrote it down in an article for DataNews in Belgium in the beginning of this year.