OSVDB ID: 17094

Title: Microsoft IE window() Function Arbitrary Code Execution

Info

Dates

Disclosure: May 31, 2005
Discovery: Unknown
Exploit: Nov 21, 2005
Solution: Unknown

Description

Internet Explorer contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue occurs when the browser does not properly handle requests to the window() object. A remote attacker could create a malicious website that uses an onload event to initialize a window() object, which may cause Internet Explorer to crash or execute arbitrary code with the privileges of the person running it.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Microsoft has released a patch (MS05-054) to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):

  • Disable Active Scripting

Products

Microsoft Corporation

Internet Explorer

6.0
6.0 Service Pack 1
5.5 Service Pack 2
5.01 Service Pack 4

References

Credit

  • Benjamin Tobias Franz - 0-1-2-3gmx.de -


Direct URL: http://osvdb.org/17094