{"id":18,"date":"2006-10-04T06:46:00","date_gmt":"2006-10-04T15:46:00","guid":{"rendered":"http:\/\/localhost\/wordpress\/?p=18"},"modified":"2007-01-23T13:17:31","modified_gmt":"2007-01-23T22:17:31","slug":"zero-day-exploit-alert-webviewfoldericon-setslice-vulnerability","status":"publish","type":"post","link":"https:\/\/www.evardsson.com\/blog\/2006\/10\/04\/zero-day-exploit-alert-webviewfoldericon-setslice-vulnerability\/","title":{"rendered":"Zero-Day Exploit Alert: WebViewFolderIcon setSlice Vulnerability"},"content":{"rendered":"

This is a Critical exploit, capable of executing code as the user running Internet Explorer. Reports of this in the wild as well as a temporary patch<\/a> can be found at the Internet Storm Center<\/a>.
\nFrom the eEye Digital Security Alert<\/a>:<\/p>\n

The PoC is an integer overflow-based heap overflow, in the DSA_SetItem function in COMCTL32.DLL. An arithmetic overflow can occur during multiplication to calculate the desired size for a call to ReAlloc, that isn’t reproduced during a subsequent call to memmove, so the allocated size can be smaller than the copy size and result in a heap buffer overflow. …<\/p>\n

This vulnerability can result in remote code execution in the context of the logged in user. In order to exploit this an attacker must create a malicious website or leverage a site that allows for custom user content.<\/p><\/blockquote>\n

While the vulnerability was posted on the Browser Fun Blog<\/a> on July 18th, the exploit first appeared over the weekend. The Microsoft Security Advisory<\/a> has details on how to patch manually and how to apply the manual change to group policy.<\/p>\n

Affects:<\/strong><\/p>\n