Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: New IE Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New IE Vulnerability
There is a new exploit for Internet Explorer that was released by Secunia today.  The exploit allows for arbitrary code execution.  From the Secunia advisory

"The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap."

In simpler terms, its a heap overflow just waiting to happen.  I doubt will have to wait long for exploit code to be published.  There are no security workarounds at this time. We will keep you posted if we find out any additional information.


165 Posts
ISC Handler
Mar 22nd 2006

Sign Up for Free or Log In to start participating in the conversation!