Secunia Advisory SA18680Microsoft Internet Explorer "createTextRange()" Code Execution
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Description
Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap. Successful exploitation allows execution of arbitrary code. NOTE: Exploit code is publicly available. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition). Other versions may also be affected. Solution Provided and/or discovered by Other references Deep Links Do you have additional information related to this advisory?Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
101 views | ![]() |
TYPO3 The official twitter tweet button for your page Extension Cross-Site Scripting Vulnerability![]() | |