Select Page

In an earlier blog writeup, I had posted a mitigation for the VML exploit:

regsvr32 -u “%ProgramFiles%Common FilesMicrosoft SharedVGXvgx.dll

However, this may not work on foreign language versions of Windows. 

So here is a more universal command:


Click Start, click Run, type

regsvr32 -u “%CommonProgramFiles%Microsoft SharedVGXvgx.dll

and then click OK.


A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box. The dialog box looks like this:


Impact of Workaround: Applications that render VML will no longer do so once Vgx.dll has been unregistered.

To undo this change, re-register Vgx.dll by following the above steps. Replace the text in Step 1 with 

regsvr32 “%CommonProgramFiles%Microsoft SharedVGXvgx.dll  

Not having VML support is not a big deal as not many websites use it.

I’ve also updated the original post.

Alex Eckelberry