HTTP: Internet Explorer "createTextRange()" Code Execution (2)
This signature detects the download of a maliciously crafted HTML document containing an invalid use of the createTextRange JavaScript function. This type of page can allow an attacker to execute arbitrary code on the client's system heap.
Extended Description
Microsoft Internet Explorer is susceptible to a remote code-execution vulnerability. This issue is due to a flaw that results in an invalid table-pointer dereference. Remote attackers may exploit this issue to crash affected browsers or to execute arbitrary machine code in the context of affected users. Microsoft has reported that this issue does not affect the March 20, 2006 release of Internet Explorer 7 Beta 2 Preview.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:IE:CREATETEXTRANGE-2
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
"createTextRange()" (2) CVE-2006-1359 Code Execution Explorer Internet bid:17196
Release Date
03/31/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3359
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3