Microsoft Internet Explorer drag and drop event file downloading

ie-dragdrop-gain-privileges (19117)

Medium Risk

Description:

Microsoft Internet Explorer running on Microsoft Windows Server 2003, Windows XP, and Windows 2000 could allow a remote attacker to download a malicious file to a target location on a victim's system, caused by improper validation of dynamic HTML (DHTML) drag and drop events. This vulnerability could result in a file being downloading to a victim's system without the victim's knowledge. An attacker could exploit this vulnerability by creating a malicious Web page and persuading a victim to visit the malicious page or sending a malicious HTML email to a victim. Successful exploitation would allow the attacker to gain the privileges of the victim and save files to the victim's local file system, although the attacker would not be able to automatically execute the downloaded files. Significant user interaction is required in order for this vulnerability to be successfully exploited.

This vulnerability addresses CVE-2004-0985, CVE-2004-0839, and CVE-2003-1027.

Platforms Affected:

• Microsoft, Internet Explorer 5.01 SP4
• Microsoft, Internet Explorer 5.01 SP3
• Microsoft, Internet Explorer 5.5 SP2
• Microsoft, Internet Explorer 6
• Microsoft, Internet Explorer 6 SP1
• Microsoft, Windows 2000 SP3
• Microsoft, Windows 2000 SP4
• Microsoft, Windows 2003 Server
• Microsoft, Windows 2003 Server Itanium
• Microsoft, Windows XP 2003 64-bit Itanium
• Microsoft, Windows XP SP1 64-bit
• Microsoft, Windows XP SP2
• Microsoft, Windows XP SP1

Remedy:

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

Consequences:

Gain Access

References:

• CIAC Information Bulletin P-125, Microsoft Cumulative Security Update for Internet Explorer at http://www.ciac.org/ciac/bulletins/p-125.shtml.
• CIAC Information Bulletin P-131, Vulnerability in Windows Shell at http://www.ciac.org/ciac/bulletins/p-131.shtml.
• Microsoft Security Bulletin MS05-008, Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) at http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx.
• Microsoft Security Bulletin MS05-014, Cumulative Security Update for Internet Explorer (867282) at http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx.
• Microsoft Security Bulletin MS05-016, Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) at http://www.microsoft.com/technet/security/bulletin/MS05-016.mspx.
• Microsoft Security Bulletin MS05-020, Cumulative Security Update for Internet Explorer (890923) at http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx.
• Microsoft Security Bulletin MS05-025, Cumulative Security Update for Internet Explorer (883939) at http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx.
• Microsoft Security Bulletin MS05-038, Cumulative Security Update for Internet Explorer (896727) at http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx.
• Microsoft Security Bulletin MS05-049, Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) at http://www.microsoft.com/technet/security/bulletin/ms05-049.mspx.
• Microsoft Security Bulletin MS05-052, Cumulative Security Update for Internet Explorer (896688) at http://www.microsoft.com/technet/security/Bulletin/MS05-052.mspx.
• Microsoft Security Bulletin MS05-054, Cumulative Security Update for Internet Explorer (905915) at http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx.
• Microsoft Security Bulletin MS06-004, Cumulative Security Update for Internet Explorer (910620) at http://www.microsoft.com/technet/security/Bulletin/MS06-004.mspx.
• Microsoft Security Bulletin MS06-013, Cumulative Security Update for Internet Explorer (912812) at http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx.
• Microsoft Security Bulletin MS06-015, Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) at http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx.
• Microsoft Security Bulletin MS06-021, Cumulative Security Update for Internet Explorer (916281) at http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx.
• Microsoft Security Bulletin MS06-042, Cumulative Security Update for Internet Explorer (918899) at http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx.
• Microsoft Security Bulletin MS06-045, Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) at http://www.microsoft.com/technet/security/bulletin/ms06-045.mspx.
• Microsoft Security Bulletin MS06-057, Vulnerability in Windows Explorer Could Allow Remote Execution (923191) at http://www.microsoft.com/technet/security/bulletin/ms06-057.mspx.
• Microsoft Security Bulletin MS06-067, Cumulative Security Update for Internet Explorer (922760) at http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx.
• Microsoft Security Bulletin MS06-072, Cumulative Security Update for Internet Explorer (925454) at http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx.
• Microsoft Security Bulletin MS07-006, Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) at http://www.microsoft.com/technet/security/Bulletin/MS07-006.mspx.
• Microsoft Security Bulletin MS07-016, Cumulative Security Update for Internet Explorer (928090) at http://www.microsoft.com/technet/security/Bulletin/ms07-016.mspx.
• Microsoft Security Bulletin MS07-027, Cumulative Security Update for Internet Explorer (931768) at http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx.
• Microsoft Security Bulletin MS07-033, Cumulative Security Update for Internet Explorer (933566) at http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx.
• Microsoft Security Bulletin MS07-045, Cumulative Security Update for Internet Explorer (937143) at http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx.
• Microsoft Security Bulletin MS07-057, Cumulative Security Update for Internet Explorer (939653) at http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx.
• Microsoft Security Bulletin MS07-069, Cumulative Security Update for Internet Explorer (942615) at http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx.
• Microsoft Security Bulletin MS08-010, Cumulative Security Update for Internet Explorer (944533) at http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx.
• Microsoft Security Bulletin MS08-024, Cumulative Security Update for Internet Explorer (947864) at http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx.
• Microsoft Security Bulletin MS08-031, Cumulative Security Update for Internet Explorer (950759) at http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx.
• Microsoft Security Bulletin MS08-045, Cumulative Security Update for Internet Explorer (953838) at http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx.
• BID-11466: Microsoft Internet Explorer Valid File Drag and Drop Embedded Code Vulnerability
• CVE-2005-0053: Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the Drag-and-Drop Vulnerability.
• US-CERT VU#698835: Microsoft DHTML Drag-and-Drop events insufficiently validated

Reported:

Feb 08, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page