TITLE: Internet Explorer Drag-and-Drop Vulnerability SECUNIA ADVISORY ID: SA18787 VERIFY ADVISORY: http://secunia.com/advisories/18787/ CRITICAL: Less critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Internet Explorer 5.5 http://secunia.com/product/10/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ DESCRIPTION: Matthew Murphy has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to error in the timing of drag-and-drop events when certain objects not derived from HTML documents (e.g. files within a folder view) are dragged. This race condition can be exploited to place arbitrary files on a user's system by tricking the user into interacting with a malicious web site. The vulnerability is related to: SA12321 Successful exploitation requires a certain amount of timing and user interaction. SOLUTION: Disable Active Scripting support for all but trusted sites. Set the kill bit on the Shell.Explorer control. PROVIDED AND/OR DISCOVERED BY: Matthew Murphy ORIGINAL ADVISORY: Matthew Murphy posting on Full-Disclosure: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0271.html Microsoft response: http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx OTHER REFERENCES: SA12321: http://secunia.com/advisories/12321/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------