Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:72780C4CB08C6B124E723F157DD054FE
HistorySep 29, 2006 - 12:00 a.m.

Internet Explorer WebViewFolderIcon setSlice integer overflow

2006-09-2900:00:00
SAINT Corporation
download.saintcorporation.com
11

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.973

Percentile

99.9%

JSON

Added: 09/29/2006
CVE: CVE-2006-3730
BID: 19030
OSVDB: 27110

Background

The **WebViewFolderIcon** ActiveX control provides support for icons in the Windows Explorer Web view.

Problem

An integer overflow vulnerability in the **setSlice** method in the **WebViewFolderIcon** ActiveX control allows remote command execution by a specially crafted web page.

Resolution

See Microsoft Security Advisory 926043 for fix information.

References

<http://www.kb.cert.org/vuls/id/753044&gt;

Limitations

Exploit works on Internet Explorer 6.0. Exploit requires a user to load the exploit page into the vulnerable browser.

Due to the nature of the vulnerability, the success of the exploit may depend upon the system state. There may be a delay before the exploit succeeds due to the large amount of memory required on the target.

Platforms

Windows

Related

packetstorm 1
canvas 1
nvd 1
cve 1
exploitdb 5
checkpoint_advisories 3
securityvulns 2
cvelist 1
nessus 1
saint 3
metasploit 1
cert 1
thn 1
packetstorm
packetstorm
Internet Explorer WebViewFolderIcon setSlice() Overflow
2009-11-26 00:00:00
canvas
canvas
Immunity Canvas: MS06_057
2006-07-21 14:03:00
nvd
nvd
CVE-2006-3730
2006-07-21 14:03:00
cve
cve
CVE-2006-3730
2006-07-21 14:03:00
exploitdb
exploitdb
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (MS06-057) (Metasploit) (2)
2010-07-03 00:00:00
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (1)
2006-09-27 00:00:00
Microsoft Internet Explorer - WebViewFolderIcon setSlice() (HTML)
2006-09-28 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer WebViewFolderIcon ActiveX Integer Overflow - Ver2 (CVE-2006-3730)
2014-03-03 00:00:00
Internet Explorer SetSlice Method Buffer Overflow (MS06-057; CVE-2006-3730)
2006-10-18 00:00:00
Internet Explorer SetSlice Method Buffer Overflow (MS06-057; CVE-2006-3730)
2006-10-18 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution &#40;923191&#41;
2006-10-11 00:00:00
US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
2006-09-28 00:00:00
cvelist
cvelist
CVE-2006-3730
2006-07-19 23:00:00
nessus
nessus
MS06-057: Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
2006-10-10 00:00:00
saint
saint
Internet Explorer WebViewFolderIcon setSlice integer overflow
2006-09-29 00:00:00
Internet Explorer WebViewFolderIcon setSlice integer overflow
2006-09-29 00:00:00
Internet Explorer WebViewFolderIcon setSlice integer overflow
2006-09-29 00:00:00
metasploit
metasploit
MS06-057 Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow
2006-12-17 02:37:45
cert
cert
Microsoft Windows WebViewFolderIcon ActiveX integer overflow
2006-09-27 00:00:00
thn
thn
Researchers caught espionage malware mastermind on webcam
2012-10-30 20:02:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.973

Percentile

99.9%

JSON
Related for SAINT:72780C4CB08C6B124E723F157DD054FE
packetstorm1canvas1nvd1cve1exploitdb5checkpoint_advisories3securityvulns2cvelist1nessus1saint3metasploit1cert1thn1