Internet Explorer Javascript Exploit

Posted April 16, 2006

This is the createTextRange() exploit

It affects patched versions of Internet Explorer 6, 7 with SP2. What the code does is make Internet Explorer encounter an exception that references a distant memory location, where currently there is nothing. But this cuold lead to the execution of arbitrary code found there.

Here a C program by milw0rm that creates index.html files that will crash Internet Explorer

This is a page that makes use of this exploit. This will crash your Internet Explorer!

The code looks something like this:

<input type="checkbox" id='c'>
<script>
	r=document.getElementById("c");
	a=r.createTextRange();
</script>

It’s been classified by Secunia as Very Critical

Posted in en, tech

No Comment

Add yours

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>