1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: WebViewFolderIcon SetSlice CVE-2006-4690

Web Attack: WebViewFolderIcon SetSlice CVE-2006-4690

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects websites setting the setSlice value to a very large value in an attempt to exploit a buffer-overflow vulnerability in Internet Explorer.

Additional Information

Microsoft Internet Explorer is prone to a buffer-overflow vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website. Specifically, the vulnerability presents itself when the browser processes the 'WebViewFolderIcon' object. An attacker can trigger an invalid memory copy operation by setting the first argument of the 'setSlice' method of this object to a very large value.

Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in browser crashes.

Affected

  • Microsoft Internet Explorer 6.0, 6.0 SP1

Response

Workaround:
It has been suggested that disabling Active Scripting in Internet Explorer, or setting the kill bit on the {844F4806-E8A8-11d2-9652-00C04FC30871} CLSID will prevent a successful exploit of this vulnerability. Consult Microsoft support document 240797 for details on setting the kill bit for CLSID's.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube