EEYE: Temporary workaround for IE createTextRange vulnerability Mar 28 2006 12:41AM
Marc Maiffret (mmaiffret eeye com)
eEye Digital Security has created a temporary work around for the
current Internet Explorer zero day vulnerability within the IE
createTextRange functionality.

This workaround has been created because currently there is no solution
from Microsoft other than the workaround to disable Active Scripting. We
have personally had requests from various customers and the community to
help provide a free solution in the case that companies and users are
not able to disable Active Scripting. The workaround we have created,
like ones before it, is experimental in a sense and should only be
installed if you are not able to use the safer mitigation of disabling
Active Scripting.

The workaround is obviously free, and we do not require any registration
information to download it from the eEye website.

Should you encounter any problems with the workaround or bugs please
send email to alerts (at) eeye (dot) com [email concealed] with detailed information on the problem
you experienced and we will work to fix any bugs in a timely fashion. We
will post updates to the website with version numbers and bug fixes
should they arise.

Obviously these things are experimental in nature but considering the
options of being vulnerable or at least having a fighting chance... Well
I think you get the point. Again this is just another mitigation option
until Microsoft releases their patch, which last was scheduled for April
11th or 16 days from now.

For more information on the vulnerability and a link to download the
workaround please visit:
http://www.eeye.com/html/research/alerts/AL20060324.html

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9329
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
x?>"*äè?IPM.Microsoft Mail.Note1
??@EEYE: Temporary workaround for IE createTextRange vulnerability??Ö)&[ ?Ö))^ ?!82636C10B35A834FA418D53D614BF3F28 / &6@9?á¡_RÆ=G<c=U
S;a= ;p=eEye Digital Sec;l=AV-MAIL01-060328004141Z-10239p@EEYE: Temporary workaround for IE createTextRange vulnerabilityqÆR_?.?rH"?YÀæ~Îл Marc Maiffret@EEYE: Temporary workaround for IE createTextRange vulnerability njÝLZFu|[g
rcpg125â2CtexA÷ÿ
?¤ä?óPV?U²%Qchá
Àset2Ã%ö3F·0,3ï ÷¶;05" `cP3 d36P ¦ eEye Digi `cqty 'à ea°d äa °mp°
À0?w°k`unðóÀth á 0 I0? Ex P°zo dba0vul!à?b?ð Ð ? ÃIEU?TÁRpg fq Pcti @.÷
ã
?
?T$P Ò %Rb á?(ðcau»!l0 Ñ 'Ñên"àsðu&B ?a?Ð
à`+ ? o*âï Á? Ò( t"á ªl A&1v Su ?g&ÐW à/±p+ &q*±àð qÙ
Pst ,3v
À&Pÿ*!2Pp1!.? â=pm P.Á àlpó1`viP àÿ+?$e)à*-@4
°ÿ?4*3Ò++p@ß/#.Ï/Ú'°-ûw0¥?ô, #Ðk  ?(ðû ?+!t=ð'ÑÀ1qÿ0?$a?6 aôsh`lð *±(ð?72P1qᐠy`¯9o* Ò:fmpÿPÀ+ò,à:e0A:ï&Þó-û'Ñob5Ð3!*±6Bw=ð4=d"à9²2iÿ+p0 `2P?6ÕO ?À+ã:BowAÐo¿1Ñp,$ Òó=bû°&ÜSAdC ð  Pï!±L5¡:±m'á$1-Îñ±bug P°*ÿ@±ð@ p :A@í2`@ à.4SÿB²M9M² áR?Qdÿ?£Q±â<Ôð1?Ä:AøfixLT?@c&@?ÿJ"`$P 0s[3`2Pý9p#° :A-ÓOÄÏS/°+ònuÐ3ÆÿT?[ò?AU Ñ02ñú.&úOIÇ Ñ7³0A9Tû??&ptp T8÷Fr Òo0!gáEÒ(ðÿFr#F:Á±8Tò@0Á÷Fr6!Ph02?-?Z?î.lÐ0[QIec CW%Ð@Yo ?t&ÐAïEp$c'Ñ'Ñj3q3ñ-$ÿE:hã90,? Tó_Q àKÐ1ÀÐ=ðwï$PÐ>kwað ànd#Pá ?A5 1æ1SA±16"ò2u+púw&ÜF±`+X/#=ÿ4Fa[³N-ÝTå5Ð
Oá:&ôltp:/T/wp.V¦/lm¼l/ 
ÀÐ/V4(/ALÐ0032ü4.?BPKP!à=à&ô¾M?ÑÐ p  t&ô¦C$P HÐkFrþO
à&ôÿ'U (at) .949 (dot) 3 [email concealed]?Ñ9߁ÐPx??¸?9~«?ò5óB{Ó-" `-Pén² V#[P /°qñ÷ ?ÏóR ???ýÀtÓÇ/àp#q?ÏíóIca?T??2À=&qy"±??óÃeI¶Ið??S:@5?kwÁÿ@q8âm°?
?B#J8?&ô}?À5E<A641CEADDBAEAE4C96FC5BF854695268E3A5B4 (at) av-mail01 (dot) corp [email concealed]
.int-eeye.com>?ÿÿÿÿó?EEYE%3A Temporary workaround for IE createTextRange vulnerability.EML ö@0Ý^¡aRÆ@0EèªaRÆÞ??Nñ? ø?Marc Maiffretù?nܧ@ÈÀB´¹+/á?/O=EEYE DIGITAL SECURITY/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=MMAIFFRETú?System Administratorû?ܧ@ÈÀB´¹+/á?.ý?ä@@0@
MMAIFFRET1@
MMAIFFRET8@
MMAIFFRET9@.v@ÿÿÿÿ Y ? ÀF?ë ÀF? ð ÀF?ú ÀF?? ÀF? ? ÀF? !? ÀF?? ) #é?U,eEEYEDIGITALSECURITYHASCREATEDATEMPORARYW
ORKAROUNDFORTHECURRENTINTERNETEXPLORERZERODAYVULNERABILITYWIE<A641CE
ADDBAEAE4C96FC5BF854695268E3A5B4 (at) av-mail01.corp.int-eeye (dot) com [email concealed]>£

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus