Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:F21A7B3488AE9C63647D7B2E8D87B129
HistorySep 29, 2006 - 12:00 a.m.

Internet Explorer WebViewFolderIcon setSlice integer overflow

2006-09-2900:00:00
SAINT Corporation
download.saintcorporation.com
13

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.7%

JSON

Added: 09/29/2006
CVE: CVE-2006-3730
BID: 19030
OSVDB: 27110

Background

The **WebViewFolderIcon** ActiveX control provides support for icons in the Windows Explorer Web view.

Problem

An integer overflow vulnerability in the **setSlice** method in the **WebViewFolderIcon** ActiveX control allows remote command execution by a specially crafted web page.

Resolution

See Microsoft Security Advisory 926043 for fix information.

References

<http://www.kb.cert.org/vuls/id/753044&gt;

Limitations

Exploit works on Internet Explorer 6.0. Exploit requires a user to load the exploit page into the vulnerable browser.

Due to the nature of the vulnerability, the success of the exploit may depend upon the system state. There may be a delay before the exploit succeeds due to the large amount of memory required on the target.

Platforms

Windows

Related

canvas 1
packetstorm 1
cve 1
checkpoint_advisories 3
saint 3
nessus 1
securityvulns 2
cert 1
thn 1
canvas
canvas
Immunity Canvas: MS06_057
2006-07-21 14:03:00
packetstorm
packetstorm
Internet Explorer WebViewFolderIcon setSlice() Overflow
2009-11-26 00:00:00
cve
cve
CVE-2006-3730
2006-07-21 14:03:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer SetSlice Method Buffer Overflow (MS06-057; CVE-2006-3730)
2006-10-18 00:00:00
Microsoft Internet Explorer WebViewFolderIcon ActiveX Integer Overflow - Ver2 (CVE-2006-3730)
2014-03-03 00:00:00
Internet Explorer SetSlice Method Buffer Overflow (MS06-057; CVE-2006-3730)
2006-10-18 00:00:00
saint
saint
Internet Explorer WebViewFolderIcon setSlice integer overflow
2006-09-29 00:00:00
Internet Explorer WebViewFolderIcon setSlice integer overflow
2006-09-29 00:00:00
Internet Explorer WebViewFolderIcon setSlice integer overflow
2006-09-29 00:00:00
nessus
nessus
MS06-057: Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
2006-10-10 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution &#40;923191&#41;
2006-10-11 00:00:00
US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
2006-09-28 00:00:00
cert
cert
Microsoft Windows WebViewFolderIcon ActiveX integer overflow
2006-09-27 00:00:00
thn
thn
Researchers caught espionage malware mastermind on webcam
2012-10-30 20:02:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:F21A7B3488AE9C63647D7B2E8D87B129
canvas1packetstorm1cve1checkpoint_advisories3saint3nessus1securityvulns2cert1thn1