• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Internet Explorer exploit

Internet Explorer exploit

Myantispyware team November 22, 2005     No Comment    

the UK group “Computer Terrorism” released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.
The bug uses a problem in the javascript ‘Window()’ function, if run from ‘onload’. ‘onload’ is an argument to the HTML tag, and is used to execute javascript as the page loads.
The Javascript Window() vulnerability has been known for a few months now, but it has so far been treated as a denial of service (DoS) vulnerability. The author of this PoC figured out a way to use this older vulnerability to execute code.
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).
In addition ot the PoC ‘Calculator’ exploit, a reader submitted a version that opens a remote shell. The PoC exploit allows for easy copy/paste of various shell code snippets.
In itself, the vulnerability will not escalate privileges. We are trying to verify other exploits at this point.
For protect, turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting firefox.

Exploits & Vulnerabilities

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

install.tinychill.com
How to remove Install.tinychill.com pop-ups (Virus removal guide)
Obituary Directories
How to remove Obituary Directories (Virus removal guide)
Search.obituariesdirectorytab.com
How to remove Search.obituariesdirectorytab.com [Chrome, Firefox, IE, Edge]
Easy Mac Care
How to remove Easy Mac Care (Virus removal guide)
Search.packagetrackingprotab.com
How to remove Search.packagetrackingprotab.com [Chrome, Firefox, IE, Edge]

Follow US

Search

Useful Guides

How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
How to reset Internet Explorer settings to default
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
How to reset Mozilla Firefox (Updated Apr. 2018)
adwcleaner
AdwCleaner – Review, How to use, Comments

Recent Posts

Attention Online Shoppers: Identity Theft and Computer Security Hazards at Risk of Increasing During Holiday Season
What is “Internet Zone” ? How to use “Internet Zone Settings” ?
Online Security Scanner from Microsoft – Windows Live Safety Center
Windows XP SP1 and Windows 2000 DoS vulnerability
Malicious .biz site and browser vulnerabilities

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2019 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.