Internet Explorer WebViewFolderIcon setSlice integer overflow

2006-09-29T00:00:00
ID SAINT:274804783E9A21ACA1D6049B6007264D
Type saint
Reporter SAINT Corporation
Modified 2006-09-29T00:00:00

Description

Added: 09/29/2006
CVE: CVE-2006-3730
BID: 19030
OSVDB: 27110

Background

The **WebViewFolderIcon** ActiveX control provides support for icons in the Windows Explorer Web view.

Problem

An integer overflow vulnerability in the **setSlice** method in the **WebViewFolderIcon** ActiveX control allows remote command execution by a specially crafted web page.

Resolution

See Microsoft Security Advisory 926043 for fix information.

References

<http://www.kb.cert.org/vuls/id/753044>

Limitations

Exploit works on Internet Explorer 6.0. Exploit requires a user to load the exploit page into the vulnerable browser.

Due to the nature of the vulnerability, the success of the exploit may depend upon the system state. There may be a delay before the exploit succeeds due to the large amount of memory required on the target.

Platforms

Windows