1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: MS IE CreateTextRange CVE-2006-1359

Attack: MS IE CreateTextRange CVE-2006-1359

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit the CreateTextRange() remote code execution vulnerability affecting Microsoft Internet Explorer.

Additional Information

Microsoft Internet Explorer is susceptible to a remote code-execution vulnerability. A flaw in the application results in an invalid table-pointer dereference.

Certain uses of the 'createTextRange()' JavaScript method call cause the application to try to dereference an invalid table pointer. If the pointer references valid memory, the application will execute any machine code that may be located there. If it references invalid or unallocated memory, the application will likely crash. Placing the method on a radio button will reportedly trigger the vulnerability, possibly redirecting program execution flow to the heap.

Remote attackers may exploit this issue to crash affected browsers or to execute arbitrary machine code in the context of affected users.

Microsoft has reported that this issue does not affect the March 20, 2006 release of Internet Explorer 7 Beta 2 Preview.

Affected

  • Microsoft Internet Explorer 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.0.1 SP4, 6.0, 6.0 SP1, 6.0 SP2, 7.0 beta2

Response

Workaround:
eEye has released a temporary patch for this issue. The installer and source code are available at:

http://www.eeye.com/html/research/alerts/AL20060324.htmlhttp://www.eeye.com/html/research/alerts/AL20060324.html

Symantec has not tested the integrity or effectiveness of the hotfix.

Solution:
The Internet Explorer 7 Beta 2 Preview released on March 20, 2006 is not affected by this vulnerability. Users of earlier Internet Explorer 7 beta releases are advised to upgrade. Updates are not currently available for other Internet Explorer releases.

Microsoft has released a cumulative update to address this issue. Please see the referenced advisories for further information.

Reportedly, the fixes provided in MS06-013 may cause unintended breakage with certain ActiveX controls. This has not been confirmed by Symantec. Users should thoroughly test that the patch does not interfere with other software prior to its deployment in production environments.

Microsoft Internet Explorer 6.0 SP1
Cumulative Update for Internet Explorer 6 SP1 (KB912812)
Microsoft Internet Explorer 6.0 SP2
Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB912812)
Microsoft Internet Explorer 6.0
Cumulative Update for Internet Explorer 6 SP1 (KB912812)
Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB912812)
Cumulative Update for Internet Explorer for Windows Server 2003 (KB912812)
Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB912812) -
Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB912812) - English
Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB912812)
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube