NEWS FROM THE LAB - Monday, March 27, 2006

Internet Explorer exploits in the wild Posted by Jarkko @ 14:10 GMT

createtextrange page from MSDN We've received some reports about the recent unpatched Internet Explorer vulnerability being exploited in the wild. The exploits are based on publicly available proof-of-concept code that exploits the processing of the createTextRange() function.

At the moment, there's no patch for the vulnerabilities. Please read the following links for more detailed information about the vulnerability and possible workarounds:


F-Secure Anti-virus detects HTML pages containing the exploit code as variants of Exploit.JS.CVE-2006-1359.