Internet Explorer onload window vulnerability

Added: 12/01/2005
CVE: CVE-2005-1790
BID: 13799
OSVDB: 17094

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Internet Explorer fails to properly initialize the window() function when called from an onLoad event in a body tag. This causes it to call a deferenced memory address, leading to the possibility of command execution.

Resolution

Apply a Microsoft update when available.

References

http://www.securityfocus.com/archive/1/417326

Limitations

This exploit requires a user on the target system to follow a link to the exploit using Internet Explorer.

Platforms

Windows

Back to exploit index