Intrusion Prevention

MS.IE.CreateTextRange.Remote.Code.Execution

Description

This indicates a possible attempt to exploit a remote code execution vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by an error in the processing of the "createTextRange()" method call, applied to a radio button control. It can be exploited by using a malicious web site to corrupt memory in a way that allows the program flow to be redirected to the heap.

Affected Products

Microsoft Internet Explorer 5.0, 6.0, 6.0 SP2

Impact

System compromise: remote code execution.

Recommended Actions

The recently released Internet Explorer 7 Beta 2 Preview is not vulnerable to this exploit. Upgrade or apply patches to earlier Internet Explorer versions.

CVE References

CVE-2006-1359