Intrusion Prevention

MS.IE.JavaScript.Window.Function.Memory.Corruption

Description

This indicates a possible exploit of a remote code execution vulnerability in Microsoft Internet Explorer.
This vulnerability presents itself when the browser handles a JavaScript 'onLoad' handler in conjunction with an improperly initialized 'window()' JavaScript function.
This issue may be exploited to execute arbitrary remote code in the context of the user running the affected application. Failed exploitation attempts result in the application crashing.

Affected Products

Microsoft Internet Explorer 6.0 SP2
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1

Impact

System compromise: execution of arbitrary code.
Denial of service.

Recommended Actions

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS06-042.
http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx

CVE References

CVE-2005-1790