Microsoft Internet Explorer (IE) fails to properly handle the createTextRange() DHTML method, possibly allowing a remote, unauthenticated attacker to execute arbitrary code.
DHTML, TextRanges, and the createTextRange Method
According to Microsoft:
Dynamic HTML (DHTML) is built on an object model that extends the traditional static HTML document which enables Web authors to create more engaging and interactive Web pages.
By convincing a user to open a specially crafted web page, a remote unauthenticated attacker can execute arbitrary code on a vulnerable system.
Apply an Update
Disable Active Scripting
This issue was reported by Andreas Sandblad of Secunia Research.
This document was written by Jeff Gennari.
Date First Published: 2006-03-23
Date Last Updated: 2006-04-11 20:14 UTC