bread
03-25-06, 06:47 AM
A vulnerability that affects Internet Explorer.
Source : Link (http://secunia.com/advisories/18680/)
TITLE:
Microsoft Internet Explorer "createTextRange()" Code Execution
SECUNIA ADVISORY ID:
SA18680
RELEASE DATE:
2006-03-22
LAST UPDATE:
2006-03-24
VERIFY ADVISORY:
http://secunia.com/advisories/18680/
CRITICAL:
Extremely critical
WHERE:
From remote
IMPACT:
System access
SOFTWARE:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
DESCRIPTION:
Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.
Successful exploitation allows execution of arbitrary code.
NOTE: Exploit code is publicly available.
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition). Other versions may also be affected.
SOLUTION:
Disable Active Scripting support.
NOTE: The vendor is currently working on a patch.
REPORTED BY CREDITS:
Andreas Sandblad, Secunia Research.
Independently reported on public mailing lists by Stelian Ene.
CHANGELOG:
2006-03-23: Added links to US-CERT vulnerability note, Microsoft Security Response Center Blog, and Secunia Research. Updated "Solution" section.
2006-03-23: Updated advisory with information about availability of exploit code.
2006-03-24: Added link to Microsoft advisory. Added CVE reference. Added additional versions of Internet Explorer as affected.
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2006-7/
Microsoft:
http://www.microsoft.com/technet/security/advisory/917077.mspx
http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx
OTHER REFERENCES:
US-CERT VU#876678:
http://www.kb.cert.org/vuls/id/876678
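The workaround from the SOLUTION section ("Disable Active Scripting support"), as an added example that is not part of the advisory or the original post: a PowerShell script that reports the Active Scripting setting for each Internet Explorer security zone and, when asked, disables it. It assumes per-user zone settings under HKCU (a Group Policy setting, if present, takes precedence), and the `-Apply` and `-Zones` parameter names are chosen for this example.

```powershell
# Added example: audit and optionally disable Active Scripting per IE security zone.
# Assumption: per-user settings in HKCU; policy keys, if configured, override them.
param(
    [switch]$Apply,          # hypothetical switch: write the change instead of only reporting
    [int[]]$Zones = @(3)     # hypothetical parameter: zones to change (3 = Internet)
)

$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$action   = '1400'           # URLACTION_SCRIPT_RUN, the "Active scripting" setting
$zoneName = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$state    = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ActiveScripting {
    foreach ($zone in 1..4) {
        $path  = Join-Path $zonesKey $zone
        # Returns $null when the value is absent (the zone then uses its template default).
        $value = (Get-ItemProperty -Path $path -Name $action -ErrorAction SilentlyContinue).$action
        $status = 'Not set'
        if ($null -ne $value) {
            $status = $state[[int]$value]
            if ($null -eq $status) { $status = 'Other' }
        }
        [pscustomobject]@{
            Id     = $zone
            Zone   = $zoneName[$zone]
            Value  = $value
            Status = $status
        }
    }
}

if ($Apply) {
    foreach ($zone in $Zones) {
        if (-not $zoneName.ContainsKey($zone)) {
            Write-Warning "Skipping unknown zone id $zone"
            continue
        }
        # 3 = disable; scripts in this zone no longer run.
        Set-ItemProperty -Path (Join-Path $zonesKey $zone) -Name $action -Value 3 -Type DWord
    }
}

# Show the resulting state so the change can be verified.
Get-ActiveScripting | Format-Table -AutoSize
```

Run it without arguments to audit only; sites that need scripting can be placed in the Trusted sites zone, which this script leaves unchanged by default.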