Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
Original release date: September 27, 2006 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows * Microsoft Internet Explorer
Overview
The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability that could allow a remote attacker to execute arbitrary code.
I. Description
The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. An attacker could exploit this vulnerability through Microsoft Internet Explorer (IE) or any other application that hosts the WebViewFolderIcon control. More information is available in Vulnerability Note VU#753044.
Exploit code for this vulnerability is publicly available.
II. Impact
By convincing a user to open a specially crafted HTML document, such as a web page or HTML email message, a remote attacker could execute arbitrary code with the privileges of the user who is running the program that hosts the WebViewFolderIcon control.
III. Solution
Microsoft has not released an update for this vulnerability. Consider the following workarounds and best practices:
Disable the WebViewFolderIcon ActiveX control
To protect against this specific vulnerability, disable the WebViewFolderIcon control by setting the kill bit for the following CLSID:
{844F4806-E8A8-11d2-9652-00C04FC30871}
More information about how to set the kill bit is available in Microsoft Support Document 240797.
Disable ActiveX
To protect against this and other ActiveX and COM vulnerabilities, disable ActiveX in the Internet Zone and any other zone that might be used by an attacker. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document and the Malicious Web Scripts FAQ.
Render email as plain text
To protect against this and other vulnerabilities that require a victim to load a malicious HTML document, configure email clients to render email as plain text.
Do not follow unsolicited links
To protect against this and other vulnerabilities that require a victim to load a malicious HTML document, do not follow unsolicited or untrusted links.
In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages (IMs), web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.
Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-270A Feedback VU#753044" in the subject. ____________________________________________________________________
For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Copyright 1996 - 2026 by David Cottle. Designed by David Bate Jr. All Rights Reserved.
By using this forum, the user agrees not to transfer any data or technical information received under this agreement to any other entity without the express approval of the AUS-CITY Forum Admins and/or authors of individual posts (Forum Admins and DoD/USSPACECOM for the analysis of satellite tracking data).
Two-line elements (TLE) and all other satellite data presented and distributed via this forum and AUS-CITY mailing lists are distributed with permission from DoD/USSTRATCOM.