Internet Explorer createTextRange memory corruptionAdded: 03/28/2006
BackgroundThe createTextRange dynamic HTML method creates a text range object for an HTML element.
ProblemA flaw in the handling of unexpected createTextRange method calls by certain HTML objects could result in command execution.
ResolutionApply an update from Microsoft when available. See Microsoft Security Advisory 917077 for information on update availability.
LimitationsDue to the large amount of memory involved in this exploit, it only works on systems configured with an increased amount of virtual memory. Successful exploitation requires a user to load the URL of the exploit in an affected browser. There may be a delay before the exploit succeeds.
Back to exploit index