IE CreateTextRange vulnerability - Trend and Symantec provide generic protection

  Trend and Symantec have added generic detection for the new unpatched vulnerability in Internet Explorer that Microsoft is working on a patch for.  McAfee and other AV vendors have recently added protection and it's beneficial to stay as up-to-date as possible and use the safest practices in email, IM, and web surfing. 

Trend's Generic Protection

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=EXPL%5FTXTRANGE%2EA

This is Trend Micro's detection for a zero-day exploit that takes advantage of a vulnerability in the createTextRange Method call process in Internet Explorer. Using the aforementioned method enables a user to create a text range within an object.

This exploit causes an error in the mentioned text range, which is applied to a radio button control, allowing malicious Web sites to consume a large amount of an affected system's memory and to execute arbitrary codes on the system. It can also download and execute malicious codes on the system.

Zero-day exploits are termed as such because the unpatched vulnerability and its corresponding exploit code are released within the same day. This poses a threat in which a lot of computers may be affected due to the availability of exploit code, and the fact that the vendor has not been given enough time to patch it.

Symantec's Generic Protection
http://www.sarc.com/avcenter/venc/data/bloodhound.exploit.61.html

Bloodhound.Exploit.61 is a heuristic detection for the Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability (BID 17196).