SECUNIA ADVISORY ID: SA22159

VERIFY ADVISORY: http://secunia.com/advisories/22159/

CRITICAL: Extremely critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: Microsoft Internet Explorer 6.x - http://secunia.com/product/11/

DESCRIPTION: H D Moore has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in the "setSlice()" method in the "WebViewFolderIcon" ActiveX control. This can be exploited to corrupt memory when e.g. visiting a malicious web site. Successful exploitation allows execution of arbitrary code. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

NOTE: Exploit code is publicly available.

SOLUTION: Only allow trusted websites to run ActiveX controls.

PROVIDED AND/OR DISCOVERED BY: H D Moore

ORIGINAL ADVISORY: H D Moore: http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html