Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Internet Explorer - New Web View Folder Vulnerability

When using Internet Explorer, please be careful with email links and when surfing the web, as a brand new vulnerability with fully working exploits just surfaced today. I've not read reports of this being in the wild yet, but this is most likely just a matter of time.

Secunia - Extremely Critical Rating
http://secunia.com/advisories/22159/

FRSIRT - Critical Rating
http://www.frsirt.com/english/advisories/2006/2882

Quote:
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or potentially take complete control of an affected system. This flaw is due to a buffer overflow error when processing a "WebViewFolderIcon" object with a specially crafted "setSlice()" method, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a specially crafted Web page. A fully functional exploit has been publicly released.


ISC
http://www.incidents.org/diary.php?storyid=1741

MoBB July 18th post
http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html

CERT
http://www.kb.cert.org/vuls/id/753044

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3730