> It is exactly the same day when Sunbelt reported that they were informed Microsoft security people:
We were the first to see it in the wild, but unbeknownst to the security community, Microsoft had reportedly been working with ISS on this issue (ISS disclosed it on the 19th -- http://xforce.iss.net/xforce/alerts/id/237). One can then assume that Microsoft was already in the process of fixing it, and while they were doing that, we started finding it exploiting systems. Alex -----Original Message----- From: Juha-Matti Laurio [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 26, 2006 3:45 PM To: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk Subject: Windows VML security update MS06-055 released Security update for Windows Vector Markup Language (VML) vulnerability has been released. Fix is available via Microsoft Update or downloadable with links included to MS06-055: http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx Fix information has been added to Windows VML Vulnerability FAQ (CVE-2006-4868) http://blogs.securiteam.com/?p=640 and details will be added shortly. It appears that the timestamp of updated Vgx.dll library is 18th September, 2006. >From the Security Update Information / File Information section of new MS bulletin: Windows XP Service Pack 2 (all versions) and Windows XP Professional x64 Vgx.dll - 6.0.2900.2997 - 18-Sep-2006 - 14:28 (UTC) - 851,968 It is exactly the same day when Sunbelt reported that they were informed Microsoft security people: http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-be ing.html - Juha-Matti _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
