Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote malicious users to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet explorer 7 |
||
microsoft internet explorer 5.01 |
||
microsoft internet explorer 6 |