PT-2006-4595 · Microsoft · Windows XP SP2 +4

Hdm · Published 2006-07-19 · Updated 2021-07-23 · CVE-2006-3730

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer 6 on Windows XP SP2

Description

The issue is caused by an integer overflow when a 0x7fffffff argument is passed to the setSlice method on a WebViewFolderIcon ActiveX object, leading to an invalid memory copy. This could allow remote attackers to cause a denial of service or execute arbitrary code. A remote code execution vulnerability exists in Windows Shell due to improper validation of input parameters when invoked by the WebViewFolderIcon ActiveX control. An attacker could exploit this by hosting a specially crafted web site or sending a specially crafted e-mail message, potentially taking complete control of an affected system.

Recommendations

For Microsoft Internet Explorer 6 on Windows XP SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the WebViewFolderIcon ActiveX control until a patch is available. Restrict access to web sites that could potentially exploit this vulnerability to minimize the risk of exploitation.

Exploit · Fix · RCE · DoS · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2006-3730

Affected Products

Internet Explorer 6
WebViewFolderIcon ActiveX
Windows
Windows Shell
Windows XP SP2