|
Description:
To get a one-glance comprehensive view of the behavior of this exploit, refer to the Behavior Diagram shown below.
Malware Overview
This is Trend Micro's detection for a zero-day exploit that takes advantage of a vulnerability in the createTextRange Method call process in Internet Explorer. Using the aforementioned method enables a user to create a text range within an object. The said vulnerability is discussed in detail in the following Microsoft Web page:
This exploit causes an error in the mentioned text range, which is applied to a radio button control, allowing malicious Web sites to consume a large amount of an affected system's memory and to execute arbitrary codes on the system. It can also download and execute malicious codes on the system.
Zero-day exploits are termed as such because the unpatched vulnerability and its corresponding exploit code are released within the same day. This poses a threat in which a lot of computers may be affected due to the availability of exploit code, and the fact that the vendor has not been given enough time to patch it.
One malicious JavaScript that uses this exploit is detected by Trend Micro as JS_DLOADER.BXR.
For additional information about this threat, see:
Solution
Technical Details
Description created: Mar. 25, 2006 2:07:24 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
