ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > Resources > Downloads > Windows > Utilities & Drivers > Internet Tools & Utilities > Patches & Updates

Resources Downloads

Determina Fix for CVE-2006-1359 (Internet Explorer Remote CreateTextRange() Code Execution)

		License	Free
		Requirements	Windows 2000/XP, Internet Explorer 5.01 or 6.0
Downloads	83	Limitations	None
Publisher	Determina	File Size	208k
Date added	29 Mar 2006		Check your speed

Publisher's Description

Report a broken link

Based on the same technology used in the VPS LiveShield product, Determina has engineered a standalone fix that provides free and immediate protection to users worldwide that need to protect systems from related attacks until such time as Microsoft issues its own patch. Determina VPS customers do not have to apply this patch as they have been protected against this attack without the need for any update.

This is a runtime fix for the IE createTextRange() vulnerability. It can be applied to Windows 2000, XP and 2003 systems running Internet Explorer 5.01 and 6.0. The vulnerability lies in the MSHTML.DLL rendering engine which is loaded into many applications for HTML rendering, including but not limited to Internet Explorer and Microsoft Office.

The installation of the fix consists of adding the fix DLL to the AppInit_DLLs registry key in

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

The MSI installer will do this automatically. This will enable loading this fix DLL into all the vulnerable applications. The fix does not modify any file or application on the disk. It will only modify the vulnerable applications and DLLs in memory. The fix will not be applied to any processes that are running at the time of the installation. To enable the patch, you have to restart IE, Outlook and any other process that need to be protected. After the installation, run status.exe to verify that your system is protected. If you have a version of MSHTML.DLL that the patch does not support, status.exe will report that the protection is not active.

Once Microsoft releases an official patch and it is installed by the user, the Determina Shield will not be applied any more. Determina recommends uninstalling this fix even though keeping it active will not affect the system. To uninstall the fix, use ""Add Remove Programs"" in the Control Panel. To uninstall it manually, remove the DLL from the AppInit_DLLs key and restart your machine. You can then safely delete the DLL.

This tool requires administrative privileges on the vulnerable machines in order to install the fix.

Did you find this download useful?
10 out of 20 users found this download useful

Download

Brocade File Insight 2.0

Brocade File Insight is a free Windows-based reporting utility that provides a quick and easy way to understand your SMB/CIFS network file environments.

Downloads: 2,300
Requirements: Microsoft 32-bit Windows Server 2003, XP Professional, or newer
License: Free Tool / Utility
Publisher: Brocade
Size: 0

More In Office applications

Install Flash Player Plugin

Featured Talkback

Why do so many (virtually all) software packages think that they are so important that they have to be started automatically every time the computer boots? What is the largest number of "speed access", "update check", "camera download" and whatever other background programs you have ever seen running? Of those, how many did you really need?