Terry Hanushek
03-31-2006, 07:00 PM
The following message was in this 3/31 Trend Micro Weekly Virus Report. The threat itself is rated as Low Risk but I foiund it interesting that it effects not only the current version of IE but also the beta version that is out for test.
And the beat goes on :rolleyes:
Terry
2. Vulnerability Exploit - EXPL_TXTRANGE.A (Low Risk)
------------------------------------------------------------------------
EXPL_TXTRANGE.A is a zero-day exploit that takes advantage of a vulnerability in the createTextRange Method call process in Internet Explorer. Exploiting this vulnerability enables a user to create a text range within an object. This exploit affects Internet Explorer 6.0 and Internet Explorer 7.0 Beta 2 (January Edition) running on Windows 98, ME, NT, 2000, XP, and Server 2003.
This exploit causes an error in the mentioned text range, which is applied to a an affected system's memory and to execute arbitrary codes on the system. It can also download and execute malicious codes on the system.
Zero-day exploits are termed as such because the unpatched vulnerability and its corresponding exploit code are released within the same day. This poses a threat whereby many computers may be affected due to the availability of exploit code, and the fact that vendors do not have much time to patch it.
One malicious JavaScript that uses this exploit is detected by Trend Micro as JS_DLOADER.BXR.
If you would like to scan your computer for EXPL_TXTRANGE.A or any other worms, viruses, Trojans and malicious code visit HouseCall, Trend Micro's free, online virus scanner at:
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQSRCAQTVloHgmkoLsxjJgQJhuV2VW (http://trendnewsletter.rsc03.net/servlet/cc5?lgLQSRCAQTVloHgmkoLsxjJgQJhuV2VW)
And the beat goes on :rolleyes:
Terry
2. Vulnerability Exploit - EXPL_TXTRANGE.A (Low Risk)
------------------------------------------------------------------------
EXPL_TXTRANGE.A is a zero-day exploit that takes advantage of a vulnerability in the createTextRange Method call process in Internet Explorer. Exploiting this vulnerability enables a user to create a text range within an object. This exploit affects Internet Explorer 6.0 and Internet Explorer 7.0 Beta 2 (January Edition) running on Windows 98, ME, NT, 2000, XP, and Server 2003.
This exploit causes an error in the mentioned text range, which is applied to a an affected system's memory and to execute arbitrary codes on the system. It can also download and execute malicious codes on the system.
Zero-day exploits are termed as such because the unpatched vulnerability and its corresponding exploit code are released within the same day. This poses a threat whereby many computers may be affected due to the availability of exploit code, and the fact that vendors do not have much time to patch it.
One malicious JavaScript that uses this exploit is detected by Trend Micro as JS_DLOADER.BXR.
If you would like to scan your computer for EXPL_TXTRANGE.A or any other worms, viruses, Trojans and malicious code visit HouseCall, Trend Micro's free, online virus scanner at:
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQSRCAQTVloHgmkoLsxjJgQJhuV2VW (http://trendnewsletter.rsc03.net/servlet/cc5?lgLQSRCAQTVloHgmkoLsxjJgQJhuV2VW)