CVE-2006-3730
high-risk
Published 2006-07-21
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
Do I need to act?
86.9% chance of exploitation in next 30 days
EPSS score — higher than 13% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10
High
NETWORK / LOW complexity
Affected Products (2)
Affected Vendors
References (40)
Vendor Advisory
http://secunia.com/advisories/22159
US Government Resource
http://www.kb.cert.org/vuls/id/753044
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-270A.html
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-283A.html
Vendor Advisory
http://www.vupen.com/english/advisories/2006/2882
and 20 more references
64 / 100
high-risk
Severity: 30/34 · Critical
Exploitability: 27/34 · High
Exposure: 7/34 · Low