CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.9%
Added: 09/29/2006
CVE: CVE-2006-3730
BID: 19030
OSVDB: 27110
The **WebViewFolderIcon**
ActiveX control provides support for icons in the Windows Explorer Web view.
An integer overflow vulnerability in the **setSlice**
method in the **WebViewFolderIcon**
ActiveX control allows remote command execution by a specially crafted web page.
See Microsoft Security Advisory 926043 for fix information.
<http://www.kb.cert.org/vuls/id/753044>
Exploit works on Internet Explorer 6.0. Exploit requires a user to load the exploit page into the vulnerable browser.
Due to the nature of the vulnerability, the success of the exploit may depend upon the system state. There may be a delay before the exploit succeeds due to the large amount of memory required on the target.
Windows