Site icon Liquidmatrix Security Digest

Microsoft Internet Explorer “WebViewFolderIcon” Integer Overflow

Just in from the folks at Secunia:

Description:
H D Moore has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an integer overflow error in the “setSlice()” method in the “WebViewFolderIcon” ActiveX control. This can be exploited to corrupt memory when e.g. visiting a malicious web site.

Successful exploitation allows execution of arbitrary code.

NOTE: Exploit code is publicly available.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Solution:
Only allow trusted websites to run ActiveX controls.

Provided and/or discovered by:
H D Moore

Original Advisory:
H D Moore:
http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html

Article Link

[tags]Integer Overflow, Vulnerability, IE Exploit[/tags]

Exit mobile version