Internet Explorer contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue occurs when the browser does not properly handle requests to the window() object. A remote attacker could create a malicious website that uses an onload event to initialize a window() object, which may cause Internet Explorer to crash or execute arbitrary code with the privileges of the person running it.

Microsoft has released a patch(MS05-054) to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):
-Disable Active Scripting

• Security Tracker: 1015251
• Bugtraq ID: 13799
• Secunia Advisory ID: 15368 15546 18064 18311
• SCIP VulDB ID: 1537 1914
• Metasploit ID: 17094
• Exploit Database: 18365
• CVE ID: 2005-1790 (see also: NVD)
• ISS X-Force ID: 20783
• CERT VU: 887861
• Microsoft Knowledge Base Article: 911302
• VUPEN Advisory: ADV-2005-2509
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0331.html
  http://archives.neohapsis.com/archives/bugtraq/2005-05/0342.html
  http://archives.neohapsis.com/archives/bugtraq/2005-05/0348.html
  http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0657.html
• News Article: http://news.zdnet.com/2100-1009_22-5977161.html
  http://www.eweek.com/article2/0,1895,1894820,00.asp
• Other Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
  http://www.computerterrorism.com/research/ie/ct21-11-2005
• Generic Exploit URL: http://www.frsirt.com/exploits/20051121.IEWindow0day.php
  http://www.saintcorporation.com/cgi-bin/exploit_info/ie_onload_window
• Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/advisory/911302.mspx
  http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525&RenditionID=
• Microsoft Security Bulletin: MS05-054

• Benjamin Tobias Franz - 0-1-2-3gmx.de -