Microsoft Internet Explorer Drag and Drop Events Timing Vulnerability


Technical Description

A vulnerability has been identified in Microsoft Internet Explorer that could be exploited by remote attackers to take complete control of an affected system. The flaw is due to an error in the Drag and Drop functionality, which fails to properly validate certain Dynamic HTML (DHTML) events and methods provided by the DHTML Object Model. A malicious web site could exploit it to bypass security restrictions and place arbitrary executables on a vulnerable system by tricking a user into clicking and dragging an object from a specially crafted browser window to another window pointing to local resources.

Note: Significant user interaction is required to exploit this vulnerability.

More from the French Security Incident Response Team

~ CyberNoggin.com

Submitted by cybernoggin on Tue, 02/14/2006 - 7:41am.