Microsoft Internet Explorer drag and drop could allow an attacker to save file to local system

ie-dragdrop-file-save (13679)

Medium Risk

Description:

Microsoft Internet Explorer could allow a remote attacker to save a file to a target location on the victim's system, without the dialog box that asks for the victim's approval for the download being displayed. The drag and drop operations fail to properly validate specific Dynamic HTML (DHTML) events. A remote attacker could create a specially-crafted URL link, which would cause a malicious file to be saved to a target location on the victim's system, once the link is clicked. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email.

Platforms Affected:

• Microsoft, Internet Explorer 5.01 SP4
• Microsoft, Internet Explorer 5.01 SP2
• Microsoft, Internet Explorer 5.01 SP3
• Microsoft, Internet Explorer 5.5 SP2
• Microsoft, Internet Explorer 6
• Microsoft, Internet Explorer 6 SP1

Remedy:

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

Consequences:

Gain Access

References:

• BugTraq Mailing List, Wed Sep 10 2003 - 00:19:33 CDT, MSIE->HijackClick: 1+1=2 at http://archives.neohapsis.com/archives/bugtraq/2003-09/0173.html.
• CIAC Information Bulletin O-021, Microsoft Cumulative Security Update for Internet Explorer at http://www.ciac.org/ciac/bulletins/o-021.shtml.
• CIAC Information Bulletin O-068, Microsoft Internet Explorer Cumulative Patch [Microsoft Security Bulletin MS04-004] at http://www.ciac.org/ciac/bulletins/o-068.shtml.
• Microsoft Security Bulletin MS03-048, Cumulative Security Update for Internet Explorer (832894) at http://www.microsoft.com/technet/security/bulletin/ms04-004.mspx.
• Microsoft Security Bulletin MS03-048 , Cumulative Security Update for Internet Explorer (824145) at http://www.microsoft.com/technet/security/bulletin/ms03-048.mspx.
• Microsoft Security Bulletin MS04-004, Cumulative Security Update for Internet Explorer (832894) at http://www.microsoft.com/technet/security/bulletin/ms04-004.mspx.
• Microsoft Security Bulletin MS04-025, Cumulative Security Update for Internet Explorer (867801) at http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx.
• Microsoft Security Bulletin MS04-038, Cumulative Security Update for Internet Explorer (834707) at http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx.
• Microsoft Security Bulletin MS04-040, Cumulative Security Update for Internet Explorer (889293) at http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx.
• Microsoft Security Bulletin MS05-008, Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) at http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx.
• Microsoft Security Bulletin MS05-014, Cumulative Security Update for Internet Explorer (867282) at http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx.
• Microsoft Security Bulletin MS05-016, Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) at http://www.microsoft.com/technet/security/bulletin/MS05-016.mspx.
• Microsoft Security Bulletin MS05-020, Cumulative Security Update for Internet Explorer (890923) at http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx.
• Microsoft Security Bulletin MS05-025, Cumulative Security Update for Internet Explorer (883939) at http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx.
• Microsoft Security Bulletin MS05-038, Cumulative Security Update for Internet Explorer (896727) at http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx.
• Microsoft Security Bulletin MS05-049, Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) at http://www.microsoft.com/technet/security/bulletin/ms05-049.mspx.
• Microsoft Security Bulletin MS05-052, Cumulative Security Update for Internet Explorer (896688) at http://www.microsoft.com/technet/security/Bulletin/MS05-052.mspx.
• Microsoft Security Bulletin MS05-054, Cumulative Security Update for Internet Explorer (905915) at http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx.
• Microsoft Security Bulletin MS06-004, Cumulative Security Update for Internet Explorer (910620) at http://www.microsoft.com/technet/security/Bulletin/MS06-004.mspx.
• Microsoft Security Bulletin MS06-013, Cumulative Security Update for Internet Explorer (912812) at http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx.
• Microsoft Security Bulletin MS06-015, Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) at http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx.
• Microsoft Security Bulletin MS06-021, Cumulative Security Update for Internet Explorer (916281) at http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx.
• Microsoft Security Bulletin MS06-042, Cumulative Security Update for Internet Explorer (918899) at http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx.
• Microsoft Security Bulletin MS06-045, Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) at http://www.microsoft.com/technet/security/bulletin/ms06-045.mspx.
• Microsoft Security Bulletin MS06-057, Vulnerability in Windows Explorer Could Allow Remote Execution (923191) at http://www.microsoft.com/technet/security/bulletin/ms06-057.mspx.
• Microsoft Security Bulletin MS06-067, Cumulative Security Update for Internet Explorer (922760) at http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx.
• Microsoft Security Bulletin MS06-072, Cumulative Security Update for Internet Explorer (925454) at http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx.
• Microsoft Security Bulletin MS07-006, Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) at http://www.microsoft.com/technet/security/Bulletin/MS07-006.mspx.
• Microsoft Security Bulletin MS07-016, Cumulative Security Update for Internet Explorer (928090) at http://www.microsoft.com/technet/security/Bulletin/ms07-016.mspx.
• Microsoft Security Bulletin MS07-027, Cumulative Security Update for Internet Explorer (931768) at http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx.
• Microsoft Security Bulletin MS07-033, Cumulative Security Update for Internet Explorer (933566) at http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx.
• Microsoft Security Bulletin MS07-045, Cumulative Security Update for Internet Explorer (937143) at http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx.
• Microsoft Security Bulletin MS07-057, Cumulative Security Update for Internet Explorer (939653) at http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx.
• Microsoft Security Bulletin MS07-069, Cumulative Security Update for Internet Explorer (942615) at http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx.
• Microsoft Security Bulletin MS08-010, Cumulative Security Update for Internet Explorer (944533) at http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx.
• Microsoft Security Bulletin MS08-024, Cumulative Security Update for Internet Explorer (947864) at http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx.
• Microsoft Security Bulletin MS08-031, Cumulative Security Update for Internet Explorer (950759) at http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx.
• Microsoft Security Bulletin MS08-045, Cumulative Security Update for Internet Explorer (953838) at http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx.
• Microsoft Security Bulletin MS08-058, Cumulative Security Update for Internet Explorer (956390) at http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx.
• BID-9009: Microsoft Internet Explorer Mouse Click Event Hijacking Vulnerability
• CVE-2003-0823: Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
• CVE-2003-1027: Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the Function Pointer Drag and Drop Vulnerability.
• SA10192: Microsoft Internet Explorer Multiple Vulnerabilities
• SECTRACK ID: 1006036: Microsoft Internet Explorer May Let Remote Users Read or Write Files Via the dragDrop() Method
• US-CERT VU#413886: Microsoft Internet Explorer allows mouse events to manipulate window objects and perform drag and drop operations

Reported:

Nov 11, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page