CVE-2006-3730 - OpenCVE

Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Xp Internet Explorer Ie

Configuration 1 [-]

AND

OR	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

References

Link	Resource
http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html	Exploit
http://isc.sans.org/diary.php?storyid=1742
http://riosec.com/msie-setslice-vuln
http://secunia.com/advisories/22159	Vendor Advisory
http://securitytracker.com/id?1016941
http://www.kb.cert.org/vuls/id/753044	US Government Resource
http://www.osvdb.org/27110
http://www.securityfocus.com/archive/1/447174/100/0/threaded
http://www.securityfocus.com/archive/1/447383/100/100/threaded
http://www.securityfocus.com/archive/1/447426/100/0/threaded
http://www.securityfocus.com/archive/1/447490/100/0/threaded
http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.securityfocus.com/bid/19030	Exploit
http://www.us-cert.gov/cas/techalerts/TA06-270A.html	US Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-283A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/2882	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057
https://exchange.xforce.ibmcloud.com/vulnerabilities/27804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339
https://www.exploit-db.com/exploits/2440

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-19T23:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-07-19T00:00:00

Link: CVE-2006-3730

JSON object: View

NVD Information

Status : Modified

Published: 2006-07-21T14:03:00.000

Modified: 2021-07-23T12:55:03.667

Link: CVE-2006-3730

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1016941", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016941"}, {"name": "TA06-283A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html"}, {"name": "TA06-270A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html"}, {"name": "MS06-057", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057"}, {"name": "SSRT061264", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "VU#753044", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/753044"}, {"name": "20060927 Exploit module available for WebViewFolderIcon setSlice 0-day", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:339", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary.php?storyid=1742"}, {"name": "ie-webviewfoldericon-dos(27804)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804"}, {"name": "20060929 Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded"}, {"name": "20060930 setSlice exploited in the wild - massively", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://riosec.com/msie-setslice-vuln"}, {"name": "HPSBST02161", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "27110", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27110"}, {"name": "19030", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19030"}, {"name": "ADV-2006-2882", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2882"}, {"tags": ["x_refsource_MISC"], "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html"}, {"name": "2440", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2440"}, {"name": "20060930 ZERT patch for setSlice()", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded"}, {"name": "22159", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22159"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3730", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1016941", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016941"}, {"name": "TA06-283A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html"}, {"name": "TA06-270A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html"}, {"name": "MS06-057", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057"}, {"name": "SSRT061264", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "VU#753044", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/753044"}, {"name": "20060927 Exploit module available for WebViewFolderIcon setSlice 0-day", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:339", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339"}, {"name": "http://isc.sans.org/diary.php?storyid=1742", "refsource": "MISC", "url": "http://isc.sans.org/diary.php?storyid=1742"}, {"name": "ie-webviewfoldericon-dos(27804)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804"}, {"name": "20060929 Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded"}, {"name": "20060930 setSlice exploited in the wild - massively", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded"}, {"name": "http://riosec.com/msie-setslice-vuln", "refsource": "MISC", "url": "http://riosec.com/msie-setslice-vuln"}, {"name": "HPSBST02161", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "27110", "refsource": "OSVDB", "url": "http://www.osvdb.org/27110"}, {"name": "19030", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19030"}, {"name": "ADV-2006-2882", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2882"}, {"name": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html", "refsource": "MISC", "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html"}, {"name": "2440", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2440"}, {"name": "20060930 ZERT patch for setSlice()", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded"}, {"name": "22159", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22159"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3730", "datePublished": "2006-07-19T23:00:00", "dateReserved": "2006-07-19T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy."}, {"lang": "es", "value": "Desbordamiento de entero en Microsoft Internet Explorer 6 sobre Windows XP SP2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s deun argumento 0x7fffffff en el m\u00e9todo setSlice sobre un objeto ActiveX WebViewFolderIcon, el cual dar\u00e1 lugar a una copia de memoria no v\u00e1lida."}], "id": "CVE-2006-3730", "lastModified": "2021-07-23T12:55:03.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-21T14:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html"}, {"source": "cve@mitre.org", "url": "http://isc.sans.org/diary.php?storyid=1742"}, {"source": "cve@mitre.org", "url": "http://riosec.com/msie-setslice-vuln"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22159"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016941"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/753044"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27110"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447174/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447383/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447426/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447490/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/19030"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-270A.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-283A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2882"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27804"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2440"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}