Vulnerability Note VU#876678
Microsoft Internet Explorer createTextRange() vulnerability
Microsoft Internet Explorer (IE) fails to properly handle the createTextRange() DHTML method, possibly allowing a remote, unauthenticated attacker to execute arbitrary code.
DHTML, TextRanges, and the createTextRange Method
According to Microsoft:
Dynamic HTML (DHTML) is built on an object model that extends the traditional static HTML document which enables Web authors to create more engaging and interactive Web pages.
IE fails to properly handle the createTextRange() method. When this method is called for certain DHTML objects, memory may be corrupted in a way that could allow an attacker to execute arbitrary code.
More information is available in Microsoft Security Bulletin MS06-013 and Microsoft Security Advisory 917077.
Note that working exploit code is available for this vulnerability.
By convincing a user to open a specially crafted web page, a remote unauthenticated attacker can execute arbitrary code on a vulnerable system.
Apply an Update
Disable Active Scripting
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Microsoft Corporation|Affected|22 Mar 2006|11 Apr 2006|
CVSS Metrics
This issue was reported by Andreas Sandblad of Secunia Research.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-1359
- Date Public: 22 Mar 2006
- Date First Published: 22 Mar 2006
- Date Last Updated: 11 Apr 2006
- Severity Metric: 35.63
- Document Revision: 45