LinkScanner Knowledge Base



Exploit: WebViewFolderIcon setSlice

Date Posted: 04.10.2007

Posted By: Roger Thompson - CTO

Category: Research

 
 

Microsoft provides the option to view directories and folders in either "Classic View" or the advanced "WebView". The WebViewFolderIcon ActiveX object's setSlice method has a parameter that, if set to the wrong value, causes an integer overflow that allows arbitrary code execution.

The proof-of-concept code was originally released on 17 July 2006 as part of HD Moore's Month of Browser Bugs #18, but that proof of concept caused only a browser crash. The EXPLabs intelligence network detected a fully working version of the exploit in the wild on some Russian iframer's sites towards the end of September 2006. It has been widely adopted since then, and has even been included as an attack method in the Metasploit toolkit.

This exploit was classified as CVE-2006-3730 and was patched by Microsoft on 10 October 2006 in MS06-057.

 

 


© 2008 Software Security Solutions. All rights reserved.