Friday, July 10, 2020
  • Home
  •             

Web-View Folder Vulnerability

October 3rd, 2006 by Patrick S

Windows allows you to view folders in a “web view”, complete with thumbnails of files etc. Turns out this functionality has a vulnerability. This vulnerability can be exploited remotely via an ActiveX component in Internet Explorer. And now there’s public exploit code available for this vulnerability. Over the last day or so, several malicious websites have inserted such code via IFRAMEs on their site.

You can’t patch your systems, as no official patch is available. Microsoft has an advisory out, explaining how you can disable the vulnerable ActiveX component via a registry change.
They are typically hidden with Javascript obfuscators, which we detect as “Trojan-Downloader.JS.Agent.ab” or similar. In the end, most of the exploits end up downloading binaries with names like “loaderadv499_3.exe”

Microsoft has issued a statement claiming that there will be a fix on October the 10th (Patch Thursday 🙂 )

That update again? Located here
Credits to F-secure for source

Posted in Security, Windows XP | Comments Off on Web-View Folder Vulnerability


This entry was posted on Tuesday, October 3rd, 2006 at 2:17 am and is filed under Security, Windows XP. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.


Comments are closed.