• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Internet Explorer exploit

Internet Explorer exploit

Myantispyware team November 22, 2005     No Comment    

the UK group “Computer Terrorism” released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.
The bug uses a problem in the javascript ‘Window()’ function, if run from ‘onload’. ‘onload’ is an argument to the HTML tag, and is used to execute javascript as the page loads.
The Javascript Window() vulnerability has been known for a few months now, but it has so far been treated as a denial of service (DoS) vulnerability. The author of this PoC figured out a way to use this older vulnerability to execute code.
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).
In addition ot the PoC ‘Calculator’ exploit, a reader submitted a version that opens a remote shell. The PoC exploit allows for easy copy/paste of various shell code snippets.
In itself, the vulnerability will not escalate privileges. We are trying to verify other exploits at this point.
For protect, turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting firefox.

Exploits & Vulnerabilities

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

click allow popup
How to remove Hovernment.club pop-ups (Virus removal guide)
Egcuniformer.club
How to remove Egcuniformer.club pop-ups (Virus removal guide)
Files encrypted with .kolz extension
Remove Kolz ransomware. Decrypt .kolz files. Kolz File Recovery.
ConverterSearchNow
How to uninstall ConverterSearchNow from Chrome, Firefox, IE, Edge
unwanted ads
How to uninstall FullTab Movie from Chrome, Firefox, IE, Edge

Follow US

Search

Useful Guides

How to reset Google Chrome settings to default
remove android virus
How to remove virus from Android phone
browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
remove chrome extension
How to remove Chrome extensions installed by enterprise policy

Recent Posts

Attention Online Shoppers: Identity Theft and Computer Security Hazards at Risk of Increasing During Holiday Season
What is “Internet Zone” ? How to use “Internet Zone Settings” ?
Online Security Scanner from Microsoft – Windows Live Safety Center
Windows XP SP1 and Windows 2000 DoS vulnerability
Malicious .biz site and browser vulnerabilities

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.