In an earlier blog writeup, I had posted a mitigation for the VML exploit:
regsvr32 -u “%ProgramFiles%Common FilesMicrosoft SharedVGXvgx.dll
However, this may not work on foreign language versions of Windows.
So here is a more universal command:
|
|
|
|
Impact of Workaround: Applications that render VML will no longer do so once Vgx.dll has been unregistered.
To undo this change, re-register Vgx.dll by following the above steps. Replace the text in Step 1 with
regsvr32 “%CommonProgramFiles%Microsoft SharedVGXvgx.dll
Not having VML support is not a big deal as not many websites use it.
I’ve also updated the original post.
Alex Eckelberry