MSIE WebViewFolderIcon ActiveX Control BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects websites that set the first argument of the 'setSlice' method to a very large value in an attempt to exploit a buffer-overflow vulnerability in Internet Explorer.

Additional Information

Microsoft Internet Explorer is prone to a buffer-overflow vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website. Specifically, the vulnerability presents itself when the browser processes the 'WebViewFolderIcon' object. An attacker can trigger an invalid memory copy operation by setting the first argument of the 'setSlice' method of this object to a very large value.

Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in browser crashes.


  • Microsoft Internet Explorer 6.0, 6.0 SP1


It has been suggested that disabling Active Scripting in Internet Explorer, or setting the kill bit on the {844F4806-E8A8-11d2-9652-00C04FC30871} CLSID, will prevent a successful exploit of this vulnerability. Consult Microsoft support document 240797 for details on setting the kill bit for CLSIDs.
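
The following PowerShell script is an added example, not part of the original advisory or of Microsoft's document: it reports whether the kill bit is set for the CLSID above and, with the hypothetical `-Set` switch, applies it. It relies on the standard kill-bit mechanism (the `Compatibility Flags` DWORD value 0x400 under the `ActiveX Compatibility` registry key); the function names are illustrative, and it assumes a native (not 32-bit-on-64-bit) PowerShell session.

```powershell
# Audit, and with -Set apply, the kill bit for the WebViewFolderIcon CLSID.
# -Set writes to HKLM, so it needs an elevated session.
param([switch]$Set)

$Clsid   = '{844F4806-E8A8-11d2-9652-00C04FC30871}'  # CLSID named in the advisory
$KillBit = 0x400                                      # kill-bit flag in "Compatibility Flags"
$Roots   = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    # 32-bit Internet Explorer on 64-bit Windows reads the redirected registry view
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitState {
    param([string]$Root)
    $key   = Join-Path $Root $Clsid
    $flags = $null
    if (Test-Path -LiteralPath $key) {
        $flags = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
    }
    [pscustomobject]@{
        Key     = $key
        Flags   = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
        # Blocked only when the 0x400 bit itself is present, not merely any flag
        Blocked = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    }
}

function Set-KillBit {
    param([string]$Root)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    $old = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
    # OR the bit in so other compatibility flags already on the key survive
    $new = [int]$old -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
        -PropertyType DWord -Value $new -Force | Out-Null
}

foreach ($root in $Roots) {
    if ($Set) { Set-KillBit -Root $root }
    Get-KillBitState -Root $root
}
```

A host is covered only when every row reports `Blocked` as `True`; a kill bit set in one registry view does not protect the browser that reads the other.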