Signature Detail
Short Name |
HTTP:STC:IE:DHTML-CCR-INV-OBJ |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Internet Explorer createControlRange Invalid Object Type |
Release Date |
2005/02/07 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Internet Explorer createControlRange Invalid Object Type
This signature detects attempts to exploit a known DHTML input validation vulnerability in Microsoft Internet Explorer. Attackers can create a malicious Web page that, when viewed by a user, causes a heap overflow and executes arbitrary code on the target system.
Extended Description
Microsoft Internet Explorer is prone to a heap-based buffer-overflow vulnerability caused by a boundary condition error that is exposed when passing data to the 'createControlRange()' DHTML method. As a result, heap-based memory can be corrupted with attacker-supplied data. An attacker could exploit this issue to execute arbitrary code in the context of the currently logged-in user.
Affected Products
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Nortel Networks IP softphone 2050
- Nortel Networks Mobile Voice Client 2050
- Nortel Networks Optivity Telephony Manager (OTM)
- Nortel Networks Symposium Web Center Portal (SWCP)
- Nortel Networks Symposium Web Client
References