CVE-2007-1749
published 2007-08-14

CVE-2007-1749: Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows…

Priority: P353, critical
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 41.55% (98.5th percentile)
Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.

Affected

3 ranges

Vendor | Product | Version range | Fixed in
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |

Detection & IOCs (extracted from sources)

filename: VGX.DLL
  • Exploit delivery requires a malicious HTML document containing a VML construct pointing to a malicious compressed image file; monitor for VGX.DLL processing compressed VML content with anomalous buffer sizes.
  • The vulnerability is triggered during rendering of VML (Vector Markup Language) graphics in Internet Explorer; inspect HTML pages referencing VML namespaces (urn:schemas-microsoft-com:vml) delivered to IE 5.01, 6, or 7 clients.
  • Affected versions are Internet Explorer 5.01, 6, and 7 only; the vulnerable component is VGX.DLL (the VML renderer). Detection should be scoped to these specific IE versions.
  • Exploitation requires user interaction — the victim must be enticed to open a malicious HTML document; drive-by delivery via web or email is the expected attack vector.
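
One way to apply the namespace check from the list above to captured HTML (proxy or mail-gateway bodies), as an added example that is not part of the original entry: it finds prefixes bound to urn:schemas-microsoft-com:vml and lists the resources that elements under those prefixes reference. The names scan_html and REF_ATTRS, the choice of src/href as reference attributes, and both sample documents are assumptions constructed for illustration; a hit scopes a page for triage and does not by itself indicate exploitation.

```python
from html.parser import HTMLParser

VML_NS = "urn:schemas-microsoft-com:vml"  # namespace URI named in the entry
REF_ATTRS = ("src", "href")               # assumption: attributes that point at a fetched resource


class VMLRefScanner(HTMLParser):
    """Records VML namespace prefixes and prefixed elements that reference a resource."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.prefixes = set()    # prefixes bound to the VML namespace, e.g. {"v"}
        self.candidates = []     # (tag, attribute, value) for every prefixed element

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("xmlns:") and value.lower() == VML_NS:
                self.prefixes.add(name[len("xmlns:"):])
            elif ":" in tag and name in REF_ATTRS and value:
                self.candidates.append((tag, name, value))


def scan_html(html):
    """Return the VML prefixes declared in one document and what VML elements fetch."""
    parser = VMLRefScanner()
    parser.feed(html)
    parser.close()
    # Filter after parsing so a declaration that appears late in the page still counts.
    refs = [c for c in parser.candidates if c[0].split(":", 1)[0] in parser.prefixes]
    return {"vml_declared": bool(parser.prefixes),
            "prefixes": sorted(parser.prefixes),
            "external_refs": refs}


# Constructed sample documents (not taken from any real page or exploit).
SAMPLE_VML = """<html xmlns:v="urn:schemas-microsoft-com:vml">
<body><v:rect style="width:100px;height:100px">
<v:imagedata src="http://cdn.example.test/fill.img"/>
</v:rect></body></html>"""
SAMPLE_PLAIN = '<html><body><img src="logo.png"></body></html>'

if __name__ == "__main__":
    for label, doc in (("vml", SAMPLE_VML), ("plain", SAMPLE_PLAIN)):
        print(label, scan_html(doc))
```
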