BleepingComputer.com: Microsoft Internet Explorer "createtextrange()" Code Execution


Microsoft Internet Explorer "createtextrange()" Code Execution: New exploit in the wild

#1 Daisuke

  • Cleaner on Duty
  • Group: Members
  • Posts: 5,575
  • Joined: 01-September 04
  • Gender: Male
  • Location: Romania

Posted 23 March 2006 - 04:04 PM

As expected a new exploit + variants are on the loose.

Affected software: Internet Explorer 6

Solution: use another browser and disable Active Scripting in Internet Explorer.

Help here: Disabling Active Scripting in Internet Explorer
and here: How to Disable Active Content in Internet Explorer

MS will release a patch probably in April.

Details:
Microsoft Internet Explorer "createTextRange()" Code Execution
IE exploit on the loose, going to yellow
Secunia advisory

There are 2 more vulnerabilities in MSIE disclosed this month waiting for a patch. Take care.
Every day is virus day. Do you know where your recovery CDs are?
Did you create them yet?

#2 Daisuke


Posted 24 March 2006 - 01:50 AM

Microsoft Security Advisory (917077)
Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution

Workaround

Microsoft said:

Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.

Set Internet and Local intranet security zone settings to “High” to prompt before Active Scripting in these zones.

Restrict Web sites to only your trusted Web sites.

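An audit of the workaround quoted in the post above, as an added example that is not part of the original thread or of Microsoft's advisory: it reads the Active Scripting URL action (registry value 1400; 0 = enable, 1 = prompt, 3 = disable) for the Local intranet (zone 1) and Internet (zone 3) zones. The lookup order across policy and preference hives is a simplification assumed for this example, and an unset value is treated as not meeting the workaround.

```powershell
# Added example: audit the Active Scripting setting (URL action 1400) for the
# zones named in the workaround. DWORD values: 0 = enable, 1 = prompt, 3 = disable.
$Action   = '1400'
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Meaning  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$ZonesKey = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Hives are checked in this order and the first one defining the value wins.
# Assumption: this is a simplified view of how IE merges policy and preferences.
$Roots = @(
    "HKLM:\SOFTWARE\Policies\$ZonesKey",
    "HKCU:\Software\Policies\$ZonesKey",
    "HKCU:\Software\$ZonesKey",
    "HKLM:\SOFTWARE\$ZonesKey"
)

function Get-ActiveScriptingSetting {
    param([Parameter(Mandatory)][int]$ZoneId)
    foreach ($root in $Roots) {
        $item = Get-ItemProperty -Path "$root\$ZoneId" -Name $Action -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }          # key or value absent in this hive
        $value   = [int]$item.$Action
        $setting = $Meaning[$value]
        if (-not $setting) { $setting = "Unrecognized ($value)" }
        return [pscustomobject]@{
            Zone            = $Zones[$ZoneId]
            Source          = "$root\$ZoneId"
            Value           = $value
            Setting         = $setting
            MeetsWorkaround = ($value -in 1, 3)    # prompt or disabled
        }
    }
    # No hive defines the value, so the zone's security-level default applies.
    # Assumption: report that as not meeting the workaround.
    [pscustomobject]@{
        Zone = $Zones[$ZoneId]; Source = 'not set'; Value = $null
        Setting = 'Not configured'; MeetsWorkaround = $false
    }
}

$report = foreach ($id in ($Zones.Keys | Sort-Object)) {
    Get-ActiveScriptingSetting -ZoneId $id
}
$report | Format-Table -AutoSize
if ($report.MeetsWorkaround -contains $false) {
    Write-Warning 'Active Scripting is not set to prompt or disabled in every audited zone.'
}
```

Setting value 1400 to 1 or 3 under the per-user preference key for zones 1 and 3 is the registry form of the workaround; where a policy hive defines the value, it takes priority.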

#3 Security Geek

  • Member
  • Group: Members
  • Posts: 39
  • Joined: 10-March 06

Posted 26 March 2006 - 09:42 PM

SANS is reporting that this vulnerability is now being exploited through eMail messages. They advise people to turn off IE Active Scripting or use Firefox (making sure it is the default browser). I would like to add that you should avoid opening any attachment with .HTA, HTM, or HTML extensions until this threat has passed. As always keep your virus signatures as up to date as possible.

Microsoft says they may release a fix for this "out of cycle" (early). They also advise people to visit their Safety.Live.Com website to "scan your machine and remove current attacks using this vulnerability".

I'm posting regular updates on this threat at the NIST.org site linked below. As always please return here to post any comments or questions.

#4 Security Geek


Posted 27 March 2006 - 11:25 PM

Latest Updates:
  • Free fix being offered by the security software company eEye.
  • Exploit now being used to install Spyware
  • SANS is reporting that this vulnerability is being exploited via eMail messages
  • Websense is reporting over 200 websites hosting exploited pages
See NIST.org article 2006-102 for details. Please return here to post comments.

#5 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,111
  • Joined: 09-July 05
  • Location: Virginia, USA

Posted 06 April 2006 - 03:47 PM

On 11 April 2006 Microsoft is planning to release:

• Four Microsoft Security Bulletins affecting Microsoft Windows. One of the updates will be a cumulative Internet Explorer update that addresses the publicly known "CreateTextRange" vulnerability.

See Microsoft Security Bulletin Advance Notification
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
