CVE-2006-3730

Published: Jul 21, 2006Modified: Apr 16, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.

Affected (2)

Products: Microsoft: Ie, Internet Explorer

2 products

Internet Explorer

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Ie	Version 6.0 sp1
Microsoft Internet Explorer	Version 6.0

Running on/with	Platform Versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (40)

http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html

Source: cve@mitre.org

Exploit

http://isc.sans.org/diary.php?storyid=1742

Source: cve@mitre.org

http://riosec.com/msie-setslice-vuln

Source: cve@mitre.org

http://secunia.com/advisories/22159

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1016941

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/753044

Source: cve@mitre.org

US Government Resource

http://www.osvdb.org/27110

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/447174/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/447383/100/100/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/447426/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/447490/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/449179/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/19030

Source: cve@mitre.org

Exploit

http://www.us-cert.gov/cas/techalerts/TA06-270A.html

Source: cve@mitre.org

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA06-283A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2006/2882

Source: cve@mitre.org

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/27804

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339

Source: cve@mitre.org

https://www.exploit-db.com/exploits/2440

Source: cve@mitre.org

http://browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://isc.sans.org/diary.php?storyid=1742

Source: af854a3a-2127-422b-91ae-364da2661108

http://riosec.com/msie-setslice-vuln

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22159

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1016941

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/753044

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.osvdb.org/27110

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/447174/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/447383/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/447426/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/447490/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/449179/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/19030

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.us-cert.gov/cas/techalerts/TA06-270A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA06-283A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2006/2882

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-057

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/27804

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A339

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/2440

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.