
Integer overflow in Microsoft Internet Explorer 6

Causes a denial of service (crash) or could allow remote access

A vulnerability in Microsoft Internet Explorer 6 running on a fully patched Windows XP SP2 system allows remote attackers to cause a denial of service (crash). The flaw is due to an integer overflow error in the Common Controls library "comctl32.dll" when it processes a "WebViewFolderIcon" object with a specially crafted call to the "setSlice()" method. Specifically, a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object may lead to an invalid memory copy, which can be exploited by attackers. Successful exploitation, however, requires that the victim visit a specially crafted Web page.
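The bug class described above, shown as an added illustration (this is not the comctl32.dll code, which the page does not show): a byte count computed in 32-bit arithmetic wraps to zero for an index of 0x7fffffff and passes a size check, while the hardened routine validates the index by division. The slice size, table size and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLICE_SIZE 16u            /* assumed bytes per slice (constructed) */
static uint8_t table[64];         /* constructed 4-slice table */

/* Weak form: (index + 1) * size is computed modulo 2^32 and can wrap. */
uint32_t slice_bytes_unchecked(int32_t index)
{
    return ((uint32_t)index + 1u) * SLICE_SIZE;
}

/* Weak bound check built on the wrapped value; 1 means "accepted". */
int bound_check_unchecked(int32_t index, uint32_t capacity)
{
    return slice_bytes_unchecked(index) <= capacity;
}

/* Hardened form: validate the index itself, dividing instead of multiplying. */
int set_slice_checked(uint8_t *buf, size_t capacity, int32_t index,
                      const uint8_t *src)
{
    if (index < 0 || (size_t)index >= capacity / SLICE_SIZE)
        return -1;                                  /* rejected */
    memcpy(buf + (size_t)index * SLICE_SIZE, src, SLICE_SIZE);
    return 0;
}

/* Helper: attempt a checked write into the constructed table. */
int try_checked(int32_t index)
{
    static const uint8_t src[SLICE_SIZE] = { 0xAA };
    return set_slice_checked(table, sizeof table, index, src);
}

int main(void)
{
    int32_t probes[] = { 3, 4, -1, 0x7fffffff };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("index %11d: unchecked bytes=%u accepted=%d, checked=%d\n",
               (int)probes[i], (unsigned)slice_bytes_unchecked(probes[i]),
               bound_check_unchecked(probes[i], sizeof table),
               try_checked(probes[i]));
    return 0;
}
```

The weak check accepts both 0x7fffffff and -1 because the multiplication wraps to zero; the checked routine rejects both before any copy takes place.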

Additional resources: