Submission + - MS Sneaks Out Patch for Critical Vulnerability
An anonymous reader writes: Apparently Microsoft tried to sneak out an extra patch, with the January security bulletins, correcting another critical vulnerability affecting everything from Internet Explorer 6/7 to the Outlook email client. According to Microsoft Security Bulletin MS07-004 only one vulnerability was fixed. However, looking at this Secunia security advisory updated today an additional vulnerability was fixed: "2) A signedness error in the Vector Markup Language (VML) implementation when handling shape types can be exploited to reference user-controlled memory and cause a memory corruption, which may allow execution of arbitrary code."