Expl_txtrange.a

[curtis]

EXPL_TXTRANGE.A is a zero-day exploit that takes advantage of a vulnerability in the createTextRange Method call process in Internet Explorer. Exploiting this vulnerability enables a user to create a text range within an object. This exploit affects Internet Explorer 6.0 and Internet Explorer 7.0 Beta 2 (January Edition) running on Windows 98, ME, NT, 2000, XP, and Server 2003.

 

This exploit causes an error in the mentioned text range, which is applied to a an affected system's memory and to execute arbitrary codes on the system. It can also download and execute malicious codes on the system.

 

Zero-day exploits are termed as such because the unpatched vulnerability and its corresponding exploit code are released within the same day. This poses a threat whereby many computers may be affected due to the availability of exploit code, and the fact that vendors do not have much time to patch it.

 

One malicious JavaScript that uses this exploit is detected by most anti-virus software as JS_DLOADER.BXR.

[stevevan]

Thanks for the info curtis!

[TCH-Bruce]

Why does anyone still use IE?

 

Thanks Curtis

[Madmanmcp]

An article about its current use.

 

h_tp://www.eweek.com/article2/0,1895,1944579,00.asp

[TCH-Don]

Thanks Curtis.

[curtis]

Anytime the boys in Redmond, Wash. use a term like "limited in scope" it makes me wonder how far or deep it does go.

Thanks for the link, Bob

[TCH-Rob]

Thanks Curtis