Microsoft Internet Explorer "createtextrange()" Code Execution

Microsoft Internet Explorer "createtextrange()" Code Execution New exploit in the wild

#1 Daisuke

Cleaner on Duty

Group: Members
Posts: 5,575
Joined: 01-September 04
Gender:Male
Location:Romania

Posted 23 March 2006 - 04:04 PM

As expected a new exploit + variants are on the loose.

Affected software: Internet Explorer 6

Solution: use another browser and disable Active Scripting in Internet Explorer.

Help here: Disabling Active Scripting in Internet Explorer
and here: How to Disable Active Content in Internet Explorer

MS will release a patch probably in April.

Details:
Microsoft Internet Explorer "createTextRange()" Code Execution
IE exploit on the loose, going to yellow
Secunia advisory

There are 2 more vulnerabilities in MSIE disclosed this month waiting for a patch. Take care.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#2 Daisuke

Cleaner on Duty

Group: Members
Posts: 5,575
Joined: 01-September 04
Gender:Male
Location:Romania

Posted 24 March 2006 - 01:50 AM

Microsoft Security Advisory (917077)
Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution

Workaround

Microsoft said:

Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.

Set Internet and Local intranet security zone settings to “High” to prompt before Active Scripting in these zones.

Restrict Web sites to only your trusted Web sites.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#3 Security Geek

Member

Group: Members
Posts: 39
Joined: 10-March 06

Posted 26 March 2006 - 09:42 PM

SANS is reporting that this vulneraibility is now being exploited through eMail messages. They advise people to turn off IE Active Scripting or use Firefox (making sure it is the default browser). I would like to add that you should avoid opening any attachment with .HTA, HTM, or HTML extensions until this threat has passed. As always keep your virus signatures as up to date as possible.

Microsoft says they may release a fix for this "out of cycle" (early). They also advise people to visit their Safety.Live.Com website to "scan your machine and remove current attacks using this vulnerability"

I'm posting regular updates on this threat at the NIST.org site linked below. As always please return here to post any comments or questions.

NIST.org- It's not enough to be secure, you have to prove you're secure.™

#4 Security Geek

Member

Group: Members
Posts: 39
Joined: 10-March 06

Posted 27 March 2006 - 11:25 PM

Latest Updates:

Free fix being offered by the security software company eEye.
Exploit now being used to install Spyware
SANS is reporting that this vulnerability is being exploited via eMail messages
Websense is reporting over 200 websites hosting expoited pages

See NIST.org article 2006-102 for details. Please return here to post comments.

NIST.org- It's not enough to be secure, you have to prove you're secure.™

#5 quietman7

Bleepin' Janitor

Group: Global Moderator
Posts: 25,518
Joined: 09-July 05
Gender:Male
Location:Virginia, USA

Posted 06 April 2006 - 03:47 PM

On 11 April 2006 Microsoft is planning to release:

• Four Microsoft Security Bulletins affecting Microsoft Windows. One of the updates will be a cumulative Internet Explorer update that addresses the publicly known "CreateTextRange" vulnerability.

See Microsoft Security Bulletin Advance Notification

Microsoft MVP - Consumer Security 2007-2012

BleepingComputer.com: Microsoft Internet Explorer "createtextrange()" Code Execution