Internet Explorer onload window vulnerability
Added: 12/01/2005CVE: CVE-2005-1790
BID: 13799
OSVDB: 17094
Background
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.Problem
Internet Explorer fails to properly initialize the window() function when called from an onLoad event in a body tag. This causes it to call a deferenced memory address, leading to the possibility of command execution.Resolution
Apply a Microsoft update when available.References
http://www.securityfocus.com/archive/1/417326Limitations
This exploit requires a user on the target system to follow a link to the exploit using Internet Explorer.Platforms
WindowsBack to exploit index