[NT] Microsoft Internet Explorer createControlRange() Memory Corruption
From: SecuriTeam (support_at_securiteam.com)
Date: 02/15/05
- Previous message: SecuriTeam: "[NT] Armagetron DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 15 Feb 2005 14:21:33 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Microsoft Internet Explorer createControlRange() Memory Corruption
------------------------------------------------------------------------
SUMMARY
Secunia has discovered a vulnerability in Internet Explorer's
createControlRange(), which can be exploited by malicious people to
compromise a user's system.
DETAILS
Vulnerable Systems:
* Microsoft Windows XP SP2 with Internet Explorer 6.0.
Description
The vulnerability is caused due to an input validation error in the
JavaScript function "createControlRange()". This can be exploited by e.g.
a malicious website to cause a heap memory corruption situation where the
program flow is redirected to the heap.
Successful exploitation allows execution of arbitrary code.
Solution:
Microsoft has released patches (see
<http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx>
MS05-014 for details).
ADDITIONAL INFORMATION
The original article can be found at:
<http://secunia.com/secunia_research/2004-12/advisory/>
http://secunia.com/secunia_research/2004-12/advisory/
The information has been provided by <mailto:as@secunia.com> Andreas
Sandblad.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] Armagetron DoS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NEWS] ClamAV libclamav PE File Integer Overflow Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... ClamAV libclamav PE File
Integer Overflow Vulnerability ... Exploitation of this vulnerability results in the
execution of arbitrary ... (Securiteam) - [NEWS] PHP getimagesize() Multiple DoS Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... PHP is a widely-used general-purpose
scripting language that is especially ... Remote exploitation of a denial of service condition
in the PHP ... Local exploitation of an input validation vulnerability in The PHP Group's
... (Securiteam) - [NEWS] ClamAV libclamav PeSpin Heap Overflow Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... ClamAV libclamav PeSpin Heap
Overflow Vulnerability ... Exploitation of this vulnerability results in the execution
of arbitrary ... (Securiteam) - [UNIX] Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Multiple Vendor X Server
fonts.dir File Parsing Integer Overflow ... exploitation of an integer overflow vulnerability
in multiple vendors' ... Exploitation allows attackers to execute arbitrary code with elevated
... (Securiteam) - [UNIX] Clam AntiVirus ClamAV CAB File Unstore Buffer Overflow Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Clam AntiVirus ClamAV CAB File
Unstore Buffer Overflow Vulnerability ... Remote exploitation of a buffer overflow
vulnerability in Clam AntiVirus' ... (Securiteam)
