• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Internet Explorer exploit

Internet Explorer exploit

Myantispyware team November 22, 2005     No Comment    

the UK group “Computer Terrorism” released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.
The bug uses a problem in the javascript ‘Window()’ function, if run from ‘onload’. ‘onload’ is an argument to the HTML tag, and is used to execute javascript as the page loads.
The Javascript Window() vulnerability has been known for a few months now, but it has so far been treated as a denial of service (DoS) vulnerability. The author of this PoC figured out a way to use this older vulnerability to execute code.
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).
In addition ot the PoC ‘Calculator’ exploit, a reader submitted a version that opens a remote shell. The PoC exploit allows for easy copy/paste of various shell code snippets.
In itself, the vulnerability will not escalate privileges. We are trying to verify other exploits at this point.
For protect, turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting firefox.

Exploits & Vulnerabilities

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Partmentha.fun
How to remove Partmentha.fun pop-ups (Virus removal guide)
unwanted ads
How to remove YoutubeDownloader adware (Virus removal guide)
Topgirlsdating.com
How to remove Topgirlsdating.com pop-ups (Virus removal guide)
Make Changes redirects
How to uninstall Make Changes from Chrome, Firefox, IE, Edge
unwanted ads
How to uninstall PublicConsoleSearch app/extension from Mac (Virus removal guide)

Follow Us

Search

Useful Guides

Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
Best free malware removal tools
Best Free Malware Removal Tools 2020
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]

Recent Posts

Attention Online Shoppers: Identity Theft and Computer Security Hazards at Risk of Increasing During Holiday Season
What is “Internet Zone” ? How to use “Internet Zone Settings” ?
Online Security Scanner from Microsoft – Windows Live Safety Center
Windows XP SP1 and Windows 2000 DoS vulnerability
Malicious .biz site and browser vulnerabilities

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.