lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <451D71A2.3010303@determina.com>
Date: Fri, 29 Sep 2006 12:18:58 -0700
From: Alexander Sotirov <asotirov@...ermina.com>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Determina zero-day fix for CVE-2006-3730
 (WebViewFolderIcon setSlice Integer Overflow)

Determina has released a free, downloadable fix for the WebFolderIcon setSlice
vulnerability. This standalone fix for Internet Explorer will prevent this
critical vulnerabilty from being exploited until Microsoft is able to issue a
patch. Desktop users without proactive protection against vulnerability exploits
may consider installing this fix if they believe they might have exposure to
web-based attacks.

The fix can be downloaded from http://www.determina.com/security.research/ and
includes full source code. The fix applies to all versions of Windows 2000, XP
and 2003. The fix patches the flawed code in memory when a vulnerable version of
the ActiveX control in Internet Explorer is running, without affecting any files
on disk or disabling any browser functionality. It should also not interfere
with the installation of a Microsoft patch when one becomes available.

We're also researching additional exploitation vectors. The underlying cause of
the setSlice vulnerability is an integer overflow in COMCTL32.DLL, a core
Windows component used by a large number of applications. The WebViewFolderIcon
ActiveX control is most likely only one of the attack vectors for this
vulnerability.


Alex Sotirov

Security Research
Determina Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ