Internet Explorer WebViewFolderIcon setSlice integer overflowAdded: 09/29/2006
BackgroundThe WebViewFolderIcon ActiveX control provides support for icons in the Windows Explorer Web view.
ProblemAn integer overflow vulnerability in the setSlice method in the WebViewFolderIcon ActiveX control allows remote command execution by a specially crafted web page.
ResolutionSee Microsoft Security Advisory 926043 for fix information.
LimitationsExploit works on Internet Explorer 6.0. Exploit requires a user to load the exploit page into the vulnerable browser.
Due to the nature of the vulnerability, the success of the exploit may depend upon the system state. There may be a delay before the exploit succeeds due to the large amount of memory required on the target.
Back to exploit index