DoctorDoom
03-24-2006, 05:10 PM
Description:
Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.
Successful exploitation allows execution of arbitrary code.
NOTE: Exploit code is publicly available.
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition). Other versions may also be affected.
Solution:
Disable Active Scripting support.
NOTE: The vendor is currently working on a patch.
Microsoft Internet Explorer "createTextRange()" Code Execution (http://secunia.com/advisories/18680/)
Secunia has rated this vulnerability "Extremely critical". It applies to all IE versions from 5.01 up. Immediate action is strongly advised until MS releases a patch.
How To Disable Active Scripting in Internet Explorer (http://netsecurity.about.com/cs/tutorials/ht/ht032203.htm)
The better option is to run Opera or Firefox and put IE on the shelf.