Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:E972D691A8BC4BAE8CA7C4A506E4C1AB
HistoryMar 28, 2006 - 12:00 a.m.

Internet Explorer createTextRange memory corruption

2006-03-2800:00:00
SAINT Corporation
my.saintcorporation.com
14

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Added: 03/28/2006
CVE: CVE-2006-1359
BID: 17196
OSVDB: 24050

Background

The createTextRange dynamic HTML method creates a text range object for an HTML element.

Problem

A flaw in the handling of unexpected createTextRange method calls by certain HTML objects could result in command execution.

Resolution

Apply an update from Microsoft when available. See Microsoft Security Advisory 917077 for information on update availability.

References

<http://www.microsoft.com/technet/security/advisory/917077.mspx&gt;

Limitations

Due to the large amount of memory involved in this exploit, it only works on systems configured with an increased amount of virtual memory. Successful exploitation requires a user to load the URL of the exploit in an affected browser. There may be a delay before the exploit succeeds.

Platforms

Windows XP

Related

checkpoint_advisories 3
saint 3
cert 1
securityvulns 3
prion 1
cvelist 1
cve 1
packetstorm 1
mskb 1
nessus 1
checkpoint_advisories
checkpoint_advisories
Internet Explorer createTextRange Remote Code Execution (MS06-013) - Ver2 (CVE-2006-1359)
2014-03-03 00:00:00
Update Protection against Microsoft Internet Explorer createTextRange () Vulnerability (MS06-013)
2006-03-27 00:00:00
Microsoft Internet Explorer createTextRange Denial of Service - Ver2 (CVE-2006-1359)
2014-03-03 00:00:00
saint
saint
Internet Explorer createTextRange memory corruption
2006-03-28 00:00:00
Internet Explorer createTextRange memory corruption
2006-03-28 00:00:00
Internet Explorer createTextRange memory corruption
2006-03-28 00:00:00
cert
cert
Microsoft Internet Explorer createTextRange() vulnerability
2006-03-23 00:00:00
securityvulns
securityvulns
Determina Fix for CVE-2006-1359 &#40;Zero Day MS Internet Explorer Remote &quot;CreateTextRange&#40;&#41;&quot; Code Execution&#41;
2006-03-29 00:00:00
US-CERT Technical Cyber Security Alert TA06-101A -- Microsoft Windows and Internet Explorer Vulnerabilities
2006-04-12 00:00:00
Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer &#40;912812&#41;
2006-04-11 00:00:00
prion
prion
Null pointer dereference
2006-03-23 00:06:00
cvelist
cvelist
CVE-2006-1359
2006-03-23 00:00:00
cve
cve
CVE-2006-1359
2006-03-23 00:06:00
packetstorm
packetstorm
Internet Explorer createTextRange() Code Execution
2009-11-26 00:00:00
mskb
mskb
MS06-013: Cumulative security update for Internet Explorer
2017-03-30 05:55:09
nessus
nessus
MS06-013: Cumulative Security Update for Internet Explorer (912812)
2006-04-11 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:E972D691A8BC4BAE8CA7C4A506E4C1AB
checkpoint_advisories3saint3cert1securityvulns3prion1cvelist1cve1packetstorm1mskb1nessus1