The VML exploit is growing quickly and a mass email attack could be just days away, warn security experts who are tracking the problem.
The exploit was first discovered early this week by Sunbelt Software. The exploit is a buffer overflow in the Vector Markup Language (VML) library that allows for remote code execution.
However, the real danger is that it could infect a computer without the user doing anything. All you had to do was have the preview pane turned on in Microsoft Outlook and that would be enough to launch the exploit. The preview pane would render the script in an email, and a script could be written to cause the buffer overflow.
VeriSign iDefense has been watching for VML attacks and saw some light traffic, but on Thursday morning, “our board lit up like a Christmas tree,” said Ken Dunham, director of the rapid response team at VeriSign.
Read more here.
Microsoft advisory is here.
Symantec security response is here.