HTTP: Internet Explorer SetSlice Integer Overflow
This signature detects Web pages containing dangerous ActiveX commands. A malicious Web site can exploit a known vulnerability in Internet Explorer 5.0-6.0 and gain control of the client browser.
Extended Description
Microsoft WebViewFolderIcon ActiveX control is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious website. Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in browser crashes.
Affected Products
Ibm server_sensor,Ibm proventia_server
References
BugTraq: 19030
CVE: CVE-2006-3730
URL: http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html
Short Name
HTTP:STC:IE:SETSLICE-OF
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-3730 Explorer Integer Internet Overflow SetSlice bid:19030
Release Date
09/28/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
Ibm
Avaya
CVSS Score
9.3