Check Point Advisories

Update Protection against Microsoft Internet Explorer createTextRange () Vulnerability (MS06-013)

Check Point Reference: CPAI-2006-033
Date Published: 27 Mar 2006
Severity: High
Last Updated: Monday 07 May, 2007
Source: Microsoft Security Bulletin MS06-013
Microsoft Security Advisory (917077)
Industry Reference:CVE-2006-1359
Protection Provided by:
Who is Vulnerable? Microsoft Internet Explorer 5.1
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
Vulnerability Description Microsoft Internet Explorer (IE) fails to properly handle the createTextRange() DHTML method, potentially allowing a remote attacker to execute arbitrary code if the attacker has convinced a user to open a specially crafted Web page
Vulnerability StatusA working exploit code exists for this vulnerability.
Vulnerability DetailsDynamic HTML (DHTML) is built on an object model that enables Web authors to create more interactive Web pages (comapred to using HTML). A TextRange is a DHTML object that represents text. createTextRange() is a DHTML method that is used to generate a TextRange for a DHTML Object. Internet Explorer does not properly handle the createTextRange() method. When this method is called for certain DHTML objects, memory corruption may occur and potentially allow for remote code execution.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK