Humpty
October 3, 2007, 1:59pm
Test results
# Windows animated cursor overflow - passed
# Mozilla crashes with evidence of memory corruption - passed
# Internet Explorer bait & switch race condition - passed
# Mozilla crashes with evidence of memory corruption - passed
# Internet Explorer createTextRange arbitrary code execution - passed
# Windows MDAC ADODB ActiveX control invalid length - passed
# Adobe Flash Player video file parsing integer overflow - passed
# XMLDOM substringData() heap overflow - passed
# Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
# Opera JavaScript invalid pointer arbitrary code execution - passed
# Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
# Mozilla code execution via QuickTime Media-link files - passed
Congratulations! The test has found no vulnerabilities in your browser!
Test Your Browser's Security Now
New! New browser testing engine! Including 12 brand-new tests for vulnerabilities in Internet Explorer, Mozilla, Opera, Flash and QuickTime. Old browser test is still available.
Important! Please read this before starting the test!
Test Link
Mozilla Firefox 2.0.0.7 Test Results:
* Mozilla crashes with evidence of memory corruption - passed
* Mozilla crashes with evidence of memory corruption - passed
* Adobe Flash Player video file parsing integer overflow - passed
* Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
* Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
* Mozilla code execution via QuickTime Media-link files - passed
Congratulations! The test has found no vulnerabilities in your browser!
Microsoft Internet Explorer 6.0.2900.2180 Test Results:
* Windows animated cursor overflow - passed
* Internet Explorer bait & switch race condition - passed
* Internet Explorer createTextRange arbitrary code execution - passed
* Windows MDAC ADODB ActiveX control invalid length - passed
* Adobe Flash Player video file parsing integer overflow - passed
* XMLDOM substringData() heap overflow - passed
* Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
Congratulations! The test has found no vulnerabilities in your browser!
Interestingly enough, AntiVir detected and blocked malware named EXP/Ani.Gen when testing Internet Explorer.
I'm running WinXP Home SP2 on my P4 system with IE7 and Avast anti virus and AVG Free on my AMD system.
The P4 system came up with the following false positive and the AMD system came up clean:
Windows animated cursor overflow - passed
Internet Explorer bait & switch race condition - passed
Internet Explorer createTextRange arbitrary code execution - failed. More information
Windows MDAC ADODB ActiveX control invalid length - passed
Adobe Flash Player video file parsing integer overflow - passed
XMLDOM substringData() heap overflow - passed
Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
--------------------------------------------------------------------------------
Detailed Vulnerability Information
Internet Explorer createTextRange arbitrary code execution (CVE-2006-1359)
Description
Microsoft Internet Explorer has a vulnerability in handling JavaScript code calling createTextRange() function on some HTML objects. A web page containing specially crafted JavaScript code can cause Internet Explorer to execute arbitrary code.
This is an arbitrary code execution vulnerability. It means that it can be used to place a backdoor, a virus or spyware on a vulnerable computer.
Recommendations
If you are using Microsoft Windows we recommend using Windows Update to correct this problem. See also Microsoft Security Bulletin MS06-013 for information about the patch for this problem.
Interesting
Windows animated cursor overflow - passed
Mozilla crashes with evidence of memory corruption - passed
Internet Explorer bait & switch race condition - passed
Mozilla crashes with evidence of memory corruption - passed
Internet Explorer createTextRange arbitrary code execution - passed
Windows MDAC ADODB ActiveX control invalid length - passed
Adobe Flash Player video file parsing integer overflow - passed
XMLDOM substringData() heap overflow - passed
Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
Opera JavaScript invalid pointer arbitrary code execution - passed
Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
Mozilla code execution via QuickTime Media-link files - passed
However, my browser, Opera, shut down 3 times during this test!
If they couldn't do anything to IE6 then they just weren't trying hard enough.