Monday, March 27, 2006
Internet Explorer exploits in the wild Posted by Jarkko @ 14:10 GMT

createtextrange page from MSDN We've received some reports about the recent unpatched Internet Explorer vulnerability being exploited in the wild. The exploits are based on publicly available proof-of-concept code that exploits the processing of the createTextRange() function.

At the moment, there's no patch for the vulnerabilities. Please read the following links for more detailed information about the vulnerability and possible workarounds:


F-Secure Anti-virus detects HTML pages containing the exploit code as variants of Exploit.JS.CVE-2006-1359.

<<< How Would You Like Your Bagle Done, with Rootkits on the Side?
Workarounds for IE createTextRange() flaw >>>