Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > September 2006 > US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability

September 2006

US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability

ID: 00658
Ref: 631/2006
Date: 28 September 2006:10:28:25
Version: 1
Title: US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
Abstract: The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability that could allow a remote attacker to execute arbitrary code.
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA06-270A


Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability

Original release date: September 27, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer


Overview

The Microsoft Windows WebViewFolderIcon ActiveX control contains an
integer overflow vulnerability that could allow a remote attacker
to execute arbitrary code.


I. Description

The Microsoft Windows WebViewFolderIcon ActiveX control contains an
integer overflow vulnerability. An attacker could exploit this
vulnerability through Microsoft Internet Explorer (IE) or any other
application that hosts the WebViewFolderIcon control. More
information is available in Vulnerability Note VU#753044.

Exploit code for this vulnerability is publicly available.


II. Impact

By convincing a user to open a specially crafted HTML document,
such as a web page or HTML email message, a remote attacker could
execute arbitrary code with the privileges of the user who is
running the program that hosts the WebViewFolderIcon control.


III. Solution

Microsoft has not released an update for this
vulnerability. Consider the following workarounds and best
practices:

Disable the WebViewFolderIcon ActiveX control

To protect against this specific vulnerability, disable the
WebViewFolderIcon control by setting the kill bit for the
following CLSID:

{844F4806-E8A8-11d2-9652-00C04FC30871}

More information about how to set the kill bit is available in
Microsoft Support Document 240797.


Disable ActiveX

To protect against this and other ActiveX and COM
vulnerabilities, disable ActiveX in the Internet Zone and any
other zone that might be used by an attacker. Instructions for
disabling ActiveX in the Internet Zone can be found in the
"Securing Your Web Browser" document and the Malicious Web
Scripts FAQ.

Render email as plain text

To protect against this and other vulnerabilities that require a
victim to load a malicious HTML document, configure email clients
to render email as plain text.

Do not follow unsolicited links

To protect against this and other vulnerabilities that require a
victim to load a malicious HTML document, do not follow
unsolicited or untrusted links.

In order to convince users to visit their sites, attackers often
use URL encoding, IP address variations, long URLs, intentional
misspellings, and other techniques to create misleading links. Do
not click on unsolicited links received in email, instant
messages (IMs), web forums, or internet relay chat (IRC)
channels. Type URLs directly into the browser to avoid these
misleading links. While these are generally good security
practices, following these behaviors will not prevent
exploitation of this vulnerability in all cases, particularly if
a trusted site has been compromised or allows cross-site
scripting.


IV. References

* Vulnerability Note VU#753044 -


* Securing Your Web Browser -


* Malicious Web Scripts FAQ -


* CVE-2006-3730 -


* Microsoft Support Document 240797 -



____________________________________________________________________

The most recent version of this document can be found at:


____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA06-270A Feedback VU#753044" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:


____________________________________________________________________


Revision History

September 27, 2006: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRRr/eexOF3G+ig+rAQIhyAf/fQEq6CeRusvnGxVXAq3DlDtStv2bKOAX
aL7ynLjuyiMk6/oqOmzhuY9hu8zLaTXo2O3KhUpt+27KuxSEf+Kc1I9K2d19IP/P
vgNxQaqh2wzdW+iXv18c8sYU4SA+bTXdvpQp1oVmJ1oZiyBYrQjSGFxjZ4PJXD5k
02YUoQNk6tWWDvA4Fe3bDhx3J8NqTcht/+mcJkAzL0TmE7bYDE+cNkqLLbQ7BTa6
M8RkH/DMkOM9mSoFIFAszSbTcMJJmH0yM3948+rrL0Wr/rAC4h9pCKMWA8w4k0bp
enXfYh2B1utRJs/AZSz83wRGO/DdD5x4xQ0OWsMYDAzGudYr6MycfQ==
=2nCt
-----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |