CVE-2006-3730

CVSS 8.8 HIGHEPSS 63.6%CWE-94

Vexday Risk Score

68High priority

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.8EPSS 63.6%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado

Lifecycle

17 Jul 2006Metasploit module available

19 Jul 2006Published on NVD

28 Sep 2006Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 5

exploitdbwww.exploit-db.com/exploits/2458unverified exploitdbwww.exploit-db.com/exploits/2460unverified exploitdbwww.exploit-db.com/exploits/2448unverified cve_referencewww.exploit-db.com/exploits/2440unverified exploitdbwww.exploit-db.com/exploits/16564unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html http://isc.sans.org/diary.php?storyid=1742 http://riosec.com/msie-setslice-vuln https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057 http://secunia.com/advisories/22159 http://securitytracker.com/id?1016941 https://exchange.xforce.ibmcloud.com/vulnerabilities/27804 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339 https://www.exploit-db.com/exploits/2440 http://www.kb.cert.org/vuls/id/753044 http://www.osvdb.org/27110 http://www.securityfocus.com/archive/1/447174/100/0/threaded