Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Sep 28, 2006

VML exploit awareness video

If you've been following the information security headlines over the past week or so, you will have heard about a nasty zero-day Microsoft exploit in the wild - or rather three exploits in fact, all targeting a buffer overflow in Internet Explorer's handling of Vector Markup Language.
Watchguard's excellent VML exploit video demonstrating the attack is an object lesson in technical awareness presentations - professionally produced, clear and straightforward, and just over 4 minutes long. Nice. Microsoft issued an emergency patch for the bug this week. Meanwhile, SANS and MessageLabs are reporting that malicious eCards are in circulation, exploiting unpatched vulnerable systems.
More links on bugs!