• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Your Go-To Destination for Scam Awareness, Malware Removal, Antispyware Downloads, and Expert Guidance

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Internet Explorer exploit

Internet Explorer exploit

Myantispyware team November 22, 2005     No Comment    

the UK group “Computer Terrorism” released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.
The bug uses a problem in the javascript ‘Window()’ function, if run from ‘onload’. ‘onload’ is an argument to the HTML tag, and is used to execute javascript as the page loads.
The Javascript Window() vulnerability has been known for a few months now, but it has so far been treated as a denial of service (DoS) vulnerability. The author of this PoC figured out a way to use this older vulnerability to execute code.
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).
In addition ot the PoC ‘Calculator’ exploit, a reader submitted a version that opens a remote shell. The PoC exploit allows for easy copy/paste of various shell code snippets.
In itself, the vulnerability will not escalate privileges. We are trying to verify other exploits at this point.
For protect, turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting firefox.

Exploits & Vulnerabilities

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Wholehugespot.com Press Allow scam
Wholehugespot.com Virus Removal Guide
Bestpenad.com click allow scam
Bestpenad.com Virus Removal Guide
Danafdd.top scam store
Danafdd.top Deals Too Good to Be True? What Shoppers Should Know
CarharttOnlineSale.vip store scam
CarharttOnlineSale.vip Deals Too Good to Be True? What Shoppers Should Know
Cageza.com sofa bed scam
Cageza.com’s Scam: How to Identify Fake Online Deals

Follow Us

Search

Useful Guides

browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
remove chrome extension
How to remove Chrome extensions installed by enterprise policy
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
Smart Captcha Virus redirect
What is a Virus that Redirects Web Pages? A Comprehensive Guide
How to reset Internet Explorer settings to default

Recent Posts

Attention Online Shoppers: Identity Theft and Computer Security Hazards at Risk of Increasing During Holiday Season
What is “Internet Zone” ? How to use “Internet Zone Settings” ?
Online Security Scanner from Microsoft – Windows Live Safety Center
Windows XP SP1 and Windows 2000 DoS vulnerability
Malicious .biz site and browser vulnerabilities

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2023 MASW - Myantispyware.com.