Secunia Security Advisory - Matthew Murphy has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
4b6af75b0b5497fd63b747e7de0b6551e45fbc8edfa2c4b63570ad249d174a5b
TITLE:
Internet Explorer Drag-and-Drop Vulnerability
SECUNIA ADVISORY ID:
SA18787
VERIFY ADVISORY:
http://secunia.com/advisories/18787/
CRITICAL:
Less critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
DESCRIPTION:
Matthew Murphy has reported a vulnerability in Internet Explorer,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused due to error in the timing of
drag-and-drop events when certain objects not derived from HTML
documents (e.g. files within a folder view) are dragged. This race
condition can be exploited to place arbitrary files on a user's
system by tricking the user into interacting with a malicious web
site.
The vulnerability is related to:
SA12321
Successful exploitation requires a certain amount of timing and user
interaction.
SOLUTION:
Disable Active Scripting support for all but trusted sites.
Set the kill bit on the Shell.Explorer control.
PROVIDED AND/OR DISCOVERED BY:
Matthew Murphy
ORIGINAL ADVISORY:
Matthew Murphy posting on Full-Disclosure:
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0271.html
Microsoft response:
http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx
OTHER REFERENCES:
SA12321:
http://secunia.com/advisories/12321/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------