CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.9%
Added: 03/28/2006
CVE: CVE-2006-1359
BID: 17196
OSVDB: 24050
The createTextRange dynamic HTML method creates a text range object for an HTML element.
A flaw in the handling of unexpected createTextRange method calls by certain HTML objects could result in command execution.
Apply an update from Microsoft when available. See Microsoft Security Advisory 917077 for information on update availability.
<http://www.microsoft.com/technet/security/advisory/917077.mspx>
Due to the large amount of memory involved in this exploit, it only works on systems configured with an increased amount of virtual memory. Successful exploitation requires a user to load the URL of the exploit in an affected browser. There may be a delay before the exploit succeeds.
Windows XP