Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New IE Vulnerability

Published: 2006-03-22
Last Updated: 2006-03-22 19:30:08 UTC
by Lorna Hutcheson (Version: 1)
0 comment(s)
There is a new exploit for Internet Explorer that was released by Secunia today.  The exploit allows for arbitrary code execution.  From the Secunia advisory

"The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap."

In simpler terms, its a heap overflow just waiting to happen.  I doubt will have to wait long for exploit code to be published.  There are no security workarounds at this time. We will keep you posted if we find out any additional information.


Keywords:
0 comment(s)
Diary Archives