VML patch from Microsoft

[darkrats]

I'd like to know if both these patches are required, or does MS07-004
include what is in the earlier MS06-055?

Vulnerability in Vector Markup Language Could Allow Remote Code Execution
(925486): MS06-055
Vulnerability in Vector Markup Language Could Allow Remote Code Execution
(929969): MS07-004

Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter
Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home
Edition, Windows XP Professional, Windows XP Professional 64-Bit Edition,
Windows Server 2003 for Small Business Server, Windows Server 2003,
Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server
2003, Web Edition, Windows Server 2003, Standard Edition, Windows Server
2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003
Enterprise Edition for Itanium-based Systems, Windows Server 2003 Datacenter
x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server 2003
Standard x64 Edition, Internet Explorer 5.01, Internet Explorer 6.0,
Internet Explorer 7.0

Thanks!

 

[David H. Lipman]

From: "darkrats" <[email protected]>

| I'd like to know if both these patches are required, or does MS07-004
| include what is in the earlier MS06-055?
|
| Vulnerability in Vector Markup Language Could Allow Remote Code Execution
| (925486): MS06-055
| Vulnerability in Vector Markup Language Could Allow Remote Code Execution
| (929969): MS07-004
|
| Affected Software: Windows 2000 Advanced Server, Windows 2000 Datacenter
| Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home
| Edition, Windows XP Professional, Windows XP Professional 64-Bit Edition,
| Windows Server 2003 for Small Business Server, Windows Server 2003,
| Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server
| 2003, Web Edition, Windows Server 2003, Standard Edition, Windows Server
| 2003 Datacenter Edition for Itanium-based Systems, Windows Server 2003
| Enterprise Edition for Itanium-based Systems, Windows Server 2003 Datacenter
| x64 Edition, Windows Server 2003 Enterprise x64 Edition, Windows Server 2003
| Standard x64 Edition, Internet Explorer 5.01, Internet Explorer 6.0,
| Internet Explorer 7.0
|
| Thanks!
|

The following supercedes MS06-055 and is the only one needed.

Vulnerability in Vector Markup Language Could Allow Remote Code Execution
(929969): MS07-004

 

[darkrats]

Thanks for the facts!

 

[David H. Lipman]

From: "darkrats" <[email protected]>

| Thanks for the facts!
|

Well, that's not the facts. That's just a summation.

The facts are...

The vulnerability is in the DLL..
"C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.DLL"

Since MS07-004 is subsequent to MS06-055, the orginal buffer overflow vulnerability and the
latest VML in HTML vulnerability are included by the latest version of VGX.DLL.