Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||CVE-2005-1790, US-CERT: VU#887861, JS_WINDEXP.A, JS_ONLOADXPLT.A, Exploit-BO.gen, Bloodhound.Exploit.54|
It is a code specifically written in order to exploit a critical vulnerability in Internet Explorer running on Windows XP/2000/Me/98 computers. If successfully exploited, it allows arbitrary code to be executed in the vulnerable computer. The malicious code is hosted in a web page, and then unaware users are tricked into accessing it.>
|First detected on:||Dec. 1, 2005|
|Detection updated on:||Dec. 2, 2005|
BodyOnLoad is a code specifically written in order to exploit a critical vulnerability in Internet Explorer running on Windows XP/2000/Me/98 computers.
If it is successfully exploited, BodyOnLoad allows arbitrary code to be executed in the vulnerable computer. For example, there are evidences that point to this code being used to download and run a copy of the Trojan detected as Downloader.DLE.
This vulnerability is exploited by hosting the malicious code in a web page, and by tricking users to access it.
Panda Security detects the code associated to the vulnerability as BodyOnLoad, thus warning users of its presence in the web pages accessed, and preventing them from being affected.
On December 14 2005, Microsoft released the security patch referred to the Mismatched Document Object Model Objects Memory Corruption vulnerability, which is included in the security bulletin MS05-054. Access the web page for downloading the patch.