Description: H D Moore has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the Windows Shell and is exposed via the "setSlice()" method in the WebViewFolderIcon ActiveX control (webvw.dll). This can e.g. be exploited via Internet Explorer by a malicious website to corrupt memory by passing specially crafted arguments to the "setSlice()" method.
Successful exploitation allows execution of arbitrary code.
NOTE: Exploit code is publicly available.
The vulnerability is confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Changelog: 2006-09-29: Added additional information provided by Microsoft. Added link to Microsoft advisory and updated "Solution" section. Updated affected software.
2006-10-10: The vendor releases patches. Updated "Solution" and "Original Advisory" section.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.