[NT] Microsoft Internet Explorer createControlRange() Memory Corruption

From: SecuriTeam (support_at_securiteam.com)
Date: 02/15/05

  • Next message: SecuriTeam: "[NT] Multiple Vulnerabilities in Foxmail Server" 
    To: list@securiteam.com
Date: 15 Feb 2005 14:21:33 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Microsoft Internet Explorer createControlRange() Memory Corruption
    ------------------------------------------------------------------------

    SUMMARY

    Secunia has discovered a vulnerability in Internet Explorer's
    createControlRange(), which can be exploited by malicious people to
    compromise a user's system.

    DETAILS

    Vulnerable Systems:
     * Microsoft Windows XP SP2 with Internet Explorer 6.0.

    Description
    The vulnerability is caused due to an input validation error in the
    JavaScript function "createControlRange()". This can be exploited by e.g.
    a malicious website to cause a heap memory corruption situation where the
    program flow is redirected to the heap.

    Successful exploitation allows execution of arbitrary code.

    Solution:
    Microsoft has released patches (see
    <http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx>
    MS05-014 for details).

    ADDITIONAL INFORMATION

    The original article can be found at:
    <http://secunia.com/secunia_research/2004-12/advisory/>
    http://secunia.com/secunia_research/2004-12/advisory/
    The information has been provided by <mailto:as@secunia.com> Andreas
    Sandblad.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NT] Multiple Vulnerabilities in Foxmail Server"

    Relevant Pages

    • [NEWS] ClamAV libclamav PE File Integer Overflow Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... ClamAV libclamav PE File Integer Overflow Vulnerability ... Exploitation of this vulnerability results in the execution of arbitrary ...
      (Securiteam)
    • [NEWS] PHP getimagesize() Multiple DoS Vulnerabilities
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... PHP is a widely-used general-purpose scripting language that is especially ... Remote exploitation of a denial of service condition in the PHP ... Local exploitation of an input validation vulnerability in The PHP Group's ...
      (Securiteam)
    • [NEWS] ClamAV libclamav PeSpin Heap Overflow Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... ClamAV libclamav PeSpin Heap Overflow Vulnerability ... Exploitation of this vulnerability results in the execution of arbitrary ...
      (Securiteam)
    • [UNIX] Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Multiple Vendor X Server fonts.dir File Parsing Integer Overflow ... exploitation of an integer overflow vulnerability in multiple vendors' ... Exploitation allows attackers to execute arbitrary code with elevated ...
      (Securiteam)
    • [UNIX] Clam AntiVirus ClamAV CAB File Unstore Buffer Overflow Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Clam AntiVirus ClamAV CAB File Unstore Buffer Overflow Vulnerability ... Remote exploitation of a buffer overflow vulnerability in Clam AntiVirus' ...
      (Securiteam)