Thread-topic: [SA18680] Microsoft Internet Explorer "createTextRange()" Code Execution
÷ ÐÒÏÄÏÌÖÅÎÉÅ ÔÅÍÙ...
>
>
> TITLE:
> Microsoft Internet Explorer "createTextRange()" Code Execution
>
> SECUNIA ADVISORY ID:
> SA18680
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 6.x
>
>
> DESCRIPTION:
> Secunia Research has discovered a vulnerability in Microsoft Internet
> Explorer, which can be exploited by malicious people to compromise a
> user's system.
>
> The vulnerability is caused due to an error in the processing of the
> "createTextRange()" method call applied on a radio button control.
> This can be exploited by e.g. a malicious web site to corrupt memory
> in a way, which allows the program flow to be redirected to the
> heap.
>
> Successful exploitation allows execution of arbitrary code.
>
> The vulnerability has been confirmed on a fully patched system with
> Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability
> has also been confirmed in Internet Explorer 7 Beta 2 Preview. Other
> versions may also be affected.
>
> SOLUTION:
> Do not visit untrusted web sites.
>
> NOTE: The vendor is currently working on a patch.
>
> PROVIDED AND/OR DISCOVERED BY:
> Andreas Sandblad, Secunia Research.
>
> Independently discovered and reported on public mailing lists by
> Stelian Ene.
>
> ----------------------------------------------------------------------
