Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.

Successful exploitation allows execution of arbitrary code.

NOTE: Exploit code is publicly available.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition). Other versions may also be affected.

Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
Andreas Sandblad, Secunia Research.

Independently reported on public mailing lists by Stelian Ene.

Changelog
Further details available to Secunia VIM customers

Original Advisory
Secunia Research:
http://secunia.com/secunia_research/2006-7/

MS06-013 (KB912812):
http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx

Microsoft:
http://www.microsoft.com/technet/security/advisory/917077.mspx
http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx
http://blogs.technet.com/msrc/archive/2006/03/27/423176.aspx
http://blogs.technet.com/msrc/archive/2006/03/25/423116.aspx
http://blogs.technet.com/msrc/archive/2006/03/28/423409.aspx

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers