Integer overflow in Microsoft Internet Explorer 6

Causes a denial of service (crash) or could allows remote access

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Jan. 23, 2007 12:33 p.m. PT

There's a vulnerability within Microsoft Internet Explorer 6 while running on a fully patched Windows XP SP2 system that allows remote attackers to cause a denial of service (crash). This flaw is due to an integer overflow error in the Common Controls library "comctl32.dll" when processing a "WebViewFolderIcon" object with a specially crafted "setSlice()" method. Specifically, a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object may lead to an invalid memory copy, which can be exploited by attackers. Successful execution, however, requires that the victim visit a specially crafted Web page.

Additional resources:

Microsoft: Advisory 926043
US-CERT Technical Alert: TA06-270A
US-CERT Vulnerability Note: VU#753044
BrowserFun: #18

Mobile Guides

Phones

Foldable Phones

Headphones

Mobile Accessories

Smartwatches

Wireless Plans

Mobile coupons