This is a tweak on the original exploit referenced in Microsoft Security Advisory 917077 (http://www.microsoft.com/technet/security/advisory/917077.mspx). If successful, the arbitrary code embedded into the exploit (refered to as the "payload") is executed on the targetted user machine.
The vulnerability is due to an error in the processing of the "createTextRange()" method call applied on a radio button control within a web page. The vulnerability can then be exploited pointing to the attackers code of his/her choice (e.g. arbitrary code). As of the time of this writing, all known versions of Internet Explorer with fully patched XP (+SP2) are vulnerable, beginning with v5.01 and through v7.
In this version of the exploit, the time to wait before the execution of the payload (aka hacker's code and potentially damaging payload) is minimized.
Microsoft is aware of the vulnerability and projects a patch availability date of April 11 2006, although allegedly disabling "Active Scripting" in the web browser would circumvent the attack method.
Vulnerable Configurations (according to Microsoft advisory)
- Internet Explorer 5.01 SP 4 on MS Win2000 SP 4
- Internet Explorer 6 SP1 on MS Win2000 SP 4
- Internet Explorer 6 SP1 on MS WinXP SP 1
- Internet Explorer 6 for MS WinXP SP 2
- Internet Explorer 6 for MS Windows Server 2003 and Microsoft Windows Server 2003 SP 1
- Internet Explorer 6 for MS Windows Server 2003 for Itanium-based Systems, MS Windows Server 2003 with SP1 for Itanium-based Systems
- Internet Explorer 6 for MS Windows Server 2003 x64 Edition, and MS Windows XP Pro x64 Edition
- Internet Explorer 6 SP 1 on MS Win98, on MS Win98SE, or on MS WinME
20060322 IE crash
- Secunia Advisory: 18680
- check the main screen using the web interface to ensure the latest AV/NIDS
database has been downloaded and installed -- if required, enable the "Allow
Push Update" option
- Quarantine/Delete infected files detected
This vulnerability is corrected if using MS06-013 MS Security Update.