WebViewFolderIcon setSlice 0Day Exploit (MS06-057)
There is a new 0-day Windows Shell exploit with proof of concept code making it's rounds which exploits it via ActiveX in Internet Explorer (including Metasploit module).
This exploit is derived from one of HD Moore's bugs from the Month of Browser Bugs back in July. Specifically, it's this one. It was previously thought to be non-exploitable, however as summarized here (and in detail here), it, and other bugs like it, should now be considered exploitable.
As always, the Internet Storm Center has a good collection of links and updates as well as temporary remediation strategies (no longer necessary of course). Here are the current best entries on the subject:
http://isc.sans.org/diary.php?storyid=1747 from 9/30/06
http://isc.sans.org/diary.php?storyid=1749 from 9/30/06 where they raise the Infocon to Yellow to raise awareness of the fact that it is spreading in the wild
Some of the interesting links from their collection include:
A confirmation that it's in the wild using the common iframe insertion technique at Exploit Prevention Labs.
A very detailed background (book chapter) about malicious ActiveX controls http://www.oreilly.com/catalog/malmobcode/chapter/ch11.html at O'Reilly].
The MS security bulletin assigned to this threat is MS06-057.
The CVE identifier for this vulnerability is CVE-2006-3730
