HTTP: Microsoft Internet Explorer "createTextRange()" Code Execution
This signature detects the download of a maliciously crafted HTML document containing an invalid use of the createTextRange JavaScript function. This type of page can allow an attacker to execute arbitrary code on the client's system heap.
Extended Description
Microsoft Internet Explorer is susceptible to a remote code-execution vulnerability. This issue is due to a flaw that results in an invalid table-pointer dereference. Remote attackers may exploit this issue to crash affected browsers or to execute arbitrary machine code in the context of affected users. Microsoft has reported that this issue does not affect the March 20, 2006 release of Internet Explorer 7 Beta 2 Preview.
Affected Products
Microsoft internet_explorer
References
BugTraq: 17196
CVE: CVE-2006-1359
URL: http://www.kb.cert.org/vuls/id/876678 http://www.microsoft.com/technet/security/advisory/917077.mspx
Short Name
HTTP:STC:IE:CREATETEXTRANGE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
"createTextRange()" CVE-2006-1359 Code Execution Explorer Internet Microsoft bid:17196
Release Date
03/24/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3