Chris @ MyITforum
Secunia Advisory: SA22159
Release Date: 2006-09-28
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x
CVE reference: CVE-2006-3730 (Secunia mirror)

Description:
H D Moore has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error in the "setSlice()" method in the "WebViewFolderIcon" ActiveX control. This can be exploited to corrupt memory when e.g. visiting a malicious web site.

Successful exploitation allows execution of arbitrary code.

NOTE: Exploit code is publicly available.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Solution:
Only allow trusted websites to run ActiveX controls.

Provided and/or discovered by:
H D Moore

Original Advisory:
H D Moore: http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
Microsoft Internet Explorer "WebViewFolderIcon" Integer Overflow - Advisories - Secunia
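One way to check the advisory's workaround ("Only allow trusted websites to run ActiveX controls") on a workstation, as an added example that is not part of the Secunia advisory or the original post. It reads the standard per-user Internet Explorer security-zone URL actions from the registry; the `-Enforce` switch name is hypothetical, and zone settings pushed by Group Policy are stored elsewhere and are not read here.

```powershell
# Added example: audit per-zone ActiveX URL actions for the current user.
# -Enforce (hypothetical switch name) sets "Run ActiveX controls" to Disable
# for the Internet zone; without it the script only reports.
param([switch]$Enforce)

$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneNames = @{ 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$actions   = @{
    1200 = 'Run ActiveX controls and plug-ins'
    1201 = 'Initialize and script ActiveX controls not marked as safe'
    1405 = 'Script ActiveX controls marked safe for scripting'
}
$settings  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'; 65536 = 'Administrator approved' }

if ($Enforce) {
    $internet = Join-Path $zonesRoot '3'
    if (-not (Test-Path $internet)) { New-Item -Path $internet -Force | Out-Null }
    Set-ItemProperty -Path $internet -Name '1200' -Value 3 -Type DWord
}

$report = foreach ($zone in 2, 3, 4) {
    $key = Join-Path $zonesRoot "$zone"
    foreach ($action in 1200, 1201, 1405) {
        # A missing value means the zone's built-in default applies.
        $item  = Get-ItemProperty -Path $key -Name "$action" -ErrorAction SilentlyContinue
        $value = if ($item) { $item."$action" } else { $null }
        $label = if ($null -eq $value) { 'not set (zone default)' }
                 elseif ($settings.ContainsKey([int]$value)) { $settings[[int]$value] }
                 else { "unknown ($value)" }
        [pscustomobject]@{
            Zone    = $zoneNames[$zone]
            Action  = "$action $($actions[$action])"
            Setting = $label
            # Outside Trusted sites, anything other than Disable still lets
            # a visited page instantiate ActiveX controls (possibly after a prompt).
            Review  = ($zone -ne 2 -and $value -ne 3)
        }
    }
}
$report | Format-Table -AutoSize -Wrap
```

Rows with `Review` set to `True` are the ones that do not yet match the workaround.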