SANS: New IE Vulnerability

There is a new exploit for Internet Explorer that was released by Secunia today. The exploit allows for arbitrary code execution. From the Secunia advisory:

"The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap."

In simpler terms, its a heap overflow just waiting to happen. I doubt will have to wait long for exploit code to be published. SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Thursday, 23rd March 2006 12:02AM