If at first you don't succeed; call it version 1.0
Thursday, March 30, 2006

Up until today, in-the-wild exploits for the createTextRange() vulnerability were not so silent.
Having to wait more than a minute while the web browser froze before the exploit executed was too much for the victims.
Most of the victims were probably shutting down the browser manually before the vulnerability was actually exploited.

Introducing the Next Generation of the createTextRange() exploit from Metasploit.
This exploit uses non-CPU-consuming techniques to achieve a more silent exploitation.

Now that we have a new generation of exploit out there, we can only hope MS will be fast enough to deliver an out-of-cycle security update for the createTextRange() vulnerability.

P.S. This exploit will also evade most "generic" AV and IPS detections, which mostly look for specific tokens from the old proof-of-concept script instead of using real heuristic detection.


Thursday, March 30, 2006 8:57:15 AM UTC | Comments [0] | Security#
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.