22 September 2006

Workaround needed for IE hole by Brian Livingston

Microsoft acknowledged this week a new weakness that allows hacked Web sites to infect PCs merely by displaying specific images in the Internet Explorer browser.

The Redmond company hasn't promised to issue a patch until the company's next regular Patch Tuesday on Oct. 10.

Until then, individual Windows users can protect themselves against the flaw by deregistering vgx.dll. This DLL file is used by IE to render images that are based on Vector Markup Language (VML).

Microsoft recommends that users click Start, Run, paste the following line into the input box, and click OK:

regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll

After Microsoft releases a patch for the problem, you can easily reregister the DLL by repeating the procedure without the -u switch:

regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll
Read the full story and more at Windows Secrets