Integer overflow in Microsoft Internet Explorer 6

Causes a denial of service (crash) or could allows remote access

There's a vulnerability within Microsoft Internet Explorer 6 while running on a fully patched Windows XP SP2 system that allows remote attackers to cause a denial of service (crash). This flaw is due to an integer overflow error in the Common Controls library "comctl32.dll" when processing a "WebViewFolderIcon" object with a specially crafted "setSlice()" method. Specifically, a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object may lead to an invalid memory copy, which can be exploited by attackers. Successful execution, however, requires that the victim visit a specially crafted Web page.

Additional resources:

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

iPhone 6S chip controversy over battery life

Not all new iPhones have the same processor chip, but Apple says differences in performance are minimal. Apple also pulls ad-blocking apps over privacy concerns, and Netflix raises its price again.

by Bridget Carey