# Microsoft Internet Explorer Drag and Drop Vulnerability (Highly Critical)



## jgvernonco (Sep 13, 2003)

Microsoft Internet Explorer Drag and Drop Vulnerability

SECUNIA ADVISORY ID:
SA12321

VERIFY ADVISORY:
http://secunia.com/advisories/12321/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6
http://secunia.com/product/11/
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/

DESCRIPTION:
http-equiv has discovered a vulnerability in Microsoft Internet
Explorer, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to insufficient validation of drag
and drop events issued from the "Internet" zone to local resources.
This can be exploited by a malicious website to e.g. plant an
arbitrary executable file in a user's startup folder, which will get
executed the next time Windows starts up.

http-equiv has posted a PoC (Proof of Concept), which plants a
program in the startup directory when a user drags a program
masqueraded as an image.

NOTE: Even though the PoC depends on the user performing a drag and
drop event, it may potentially be rewritten to use a single click as
user interaction instead.

This vulnerability is a variant of an issue discovered by Liu Die
Yu.
SA9711

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.

SOLUTION:
Disable Active Scripting or use another product.

PROVIDED AND/OR DISCOVERED BY:
http-equiv

OTHER REFERENCES:
SA9711:
http://secunia.com/advisories/9711/


----------

