Microsoft Internet Explorer "createTextRange()" Code Execution
Secunia Advisory: SA18680
Release Date: 2006-03-22
Last Update: 2006-04-11
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 6.x
CVE reference: CVE-2006-1359
Description: Secunia Research has discovered a vulnerability in Microsoft Internet Explorer that can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by an error in the processing of the "createTextRange()" method call when it is applied to a radio button control. This can be exploited by, for example, a malicious web site to corrupt memory in a way that allows the program flow to be redirected to the heap.
Successful exploitation allows execution of arbitrary code.
NOTE: Exploit code is publicly available.
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition). Other versions may also be affected.
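The condition described above, a "createTextRange()" call whose target is a radio button control, can be triaged statically in saved pages such as proxy-cache content. The following Python is an added example, not part of the Secunia advisory or of any vendor tooling; the names PageFacts and triage and the sample pages are constructed for illustration, and the check is a heuristic that reads only inline scripts and literal getElementById lookups.

```python
import re
from html.parser import HTMLParser

class PageFacts(HTMLParser):
    """Collects id/name values of radio inputs and the text of inline scripts."""
    def __init__(self):
        super().__init__()
        self.radios, self.scripts, self._in_script = set(), [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").strip().lower() == "radio":
            self.radios.update(v for v in (a.get("id"), a.get("name")) if v)
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

# getElementById("x").createTextRange(   -> call made directly on a looked-up element
DIRECT = re.compile(r"""getElementById\s*\(\s*['"]([^'"]+)['"]\s*\)\s*\.\s*createTextRange\s*\(""")
# ident.createTextRange(                 -> call made through a variable or named element
VIA_NAME = re.compile(r"([A-Za-z_$][\w$]*)\s*\.\s*createTextRange\s*\(")
# ident = document.getElementById("x")   -> resolves a variable back to an element id
ASSIGN = r"""(?<![\w$]){var}\s*=\s*document\s*\.\s*getElementById\s*\(\s*['"]([^'"]+)['"]\s*\)"""

def triage(html):
    """Return (verdict, matched radio ids/names) for one saved HTML document."""
    page = PageFacts()
    page.feed(html)
    page.close()
    js = "\n".join(page.scripts)
    if "createTextRange" not in js:
        return ("no-call", [])
    targets = set(DIRECT.findall(js))
    for var in VIA_NAME.findall(js):
        targets.add(var)  # IE exposes element ids/names as script identifiers
        targets.update(re.findall(ASSIGN.format(var=re.escape(var)), js))
    hits = sorted(targets & page.radios)
    return ("radio-call", hits) if hits else ("other-call", [])

# Constructed samples (not taken from the advisory or from any real site).
FLAGGED = ('<form><input type="radio" id="opt1" name="choice"></form>'
           '<script>var el = document.getElementById("opt1"); el.createTextRange();</script>')
BENIGN = ('<input type="text" id="q">'
          '<script>document.getElementById("q").createTextRange().select();</script>')
```

A "radio-call" verdict is a lead for manual review of traffic to unpatched clients; script that is loaded externally or built at run time is not seen by this check.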
Solution: Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=594E7B87-AF8F-4346-9164-596E3E5C22B1
Internet Explorer 6 SP1 on Windows 2000 SP4 or Windows XP SP1:
http://www.microsoft.com/downloads/de...=033C41E1-2B36-4696-987A-099FC57E0129
Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=F05FFB31-E6B4-4771-81F1-4ACCEBF72133
Internet Explorer 6 for Windows Server 2003 and Windows Server 2003 SP1:
http://www.microsoft.com/downloads/de...=EE566871-D217-41D3-BECC-B27FAFA00054
Internet Explorer 6 for Windows Server 2003 for Itanium-based systems and Windows Server 2003 with SP1 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=E584957C-0ABE-4129-ABAF-AA2852AD62A3
Internet Explorer 6 for Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=5A1C8BE3-39EE-4937-9BD1-280FC35125C6
Internet Explorer 6 for Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/de...=C278FE3E-620A-4BBC-868B-CA2D9EFF7AC3
Internet Explorer 6 SP1 on Windows 98, Windows 98 SE, or Windows ME:
Patches are available via the Microsoft Update Web site or the Windows Update Web site.
Provided and/or discovered by: Andreas Sandblad, Secunia Research.
Independently reported on public mailing lists by Stelian Ene.
Changelog: 2006-03-23: Added links to US-CERT vulnerability note, Microsoft Security Response Center Blog, and Secunia Research. Updated "Solution" section.
2006-03-23: Updated advisory with information about availability of exploit code.
2006-03-24: Added link to Microsoft advisory. Added CVE reference. Added additional versions of Internet Explorer as affected.
2006-03-27: Added links to Microsoft's comments regarding recent exploitation.
2006-03-29: Added link to Microsoft's comments regarding third-party patches.
2006-04-11: Updated "Solution" section. Added link to Microsoft security bulletin.
Original Advisory: Secunia Research:
http://secunia.com/secunia_research/2006-7/
MS06-013 (KB912812):
http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx
Microsoft:
http://www.microsoft.com/technet/security/advisory/917077.mspx
http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx
http://blogs.technet.com/msrc/archive/2006/03/27/423176.aspx
http://blogs.technet.com/msrc/archive/2006/03/25/423116.aspx
http://blogs.technet.com/msrc/archive/2006/03/28/423409.aspx
Other References: US-CERT VU#876678:
http://www.kb.cert.org/vuls/id/876678
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.