January 8, 2007 11:13 AM PST

Integer overflow in Microsoft Internet Explorer 6

Posted by Robert Vamosi Post a comment

There's a vulnerability within Microsoft Internet Explorer 6 while running on a fully patched Windows XP SP2 system that allows remote attackers to cause a denial of service (crash). This flaw is due to an integer overflow error in the Common Controls library "comctl32.dll" when processing a "WebViewFolderIcon" object with a specially crafted "setSlice()" method. Specifically, a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object may lead to an invalid memory copy, which can be exploited by attackers. Successful execution, however, requires that the victim visit a specially crafted Web page.

Additional resources:

Recent posts from Zero Days
Microsoft fixes nineteen flaws in seven patches; all are considered critical updates
Storm Worm strikes again
Windows dynamic DNS update mechanism
Windows Web Proxy Autodiscovery flaw
Windows animated cursor attack

TalkBack
No discussions exist yet.

Click here to be the first to post a comment on this blog

Article discussion: Integer overflow in Microsoft Internet Explorer 6

Post a comment

advertisement

About Zero Days

Zero Days are security threats released before or concurrent with the public disclosure of software vulnerabilities. Our new blog will keep you ahead of the criminal hackers by informing you what you are up against.

Add this feed to your online news reader

Zero Days topics

advertisementDell Desktop Deals
Reviews & advice
All product reviews
Editorial policies
Meet the editors
How we test
Tips & tricks
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET