Microsoft Internet Explorer drag and drop event file downloading variant
ie-dragdrop-variant (24648)
Description:
Microsoft Internet Explorer could allow a remote attacker to download a malicious file to a target location on a victim's system, caused by improper validation of dynamic HTML (DHTML) drag and drop events. This vulnerability could result in a file being downloaded to a victim's system without the victim's knowledge. An attacker could exploit this vulnerability by creating a malicious Web page and persuading a victim to visit it, or by sending a malicious HTML email to a victim. Successful exploitation would allow the attacker to gain the privileges of the victim and save files to the victim's local file system, although the attacker would not be able to automatically execute the downloaded files. Significant user interaction and the ability of the attacker to predict the timing of a drag and drop event are required for this vulnerability to be successfully exploited.
*CVSS:
| Base Score: | 8 |
| Access Vector: | Remote |
| Access Complexity: | High |
| Authentication: | Not Required |
| Confidentiality Impact: | Complete |
| Integrity Impact: | Complete |
| Availability Impact: | Complete |
| Temporal Score: | 5.9 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Gain Access
Remedy:
It has been reported that this vulnerability is scheduled to be fixed in Windows Server 2003 Service Pack 2 and Windows XP Service Pack 3.
As a workaround, disable Active Scripting.
References:
- Full-Disclosure Mailing List, Mon Feb 13 2006 - 18:40:29 CST: Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd).
- IBM Internet Security Systems X-Force Database: Microsoft Internet Explorer drag and drop event file downloading.
- Microsoft Security Response Center Blog Monday, February 13, 2006 10:48 PM: Information on IE Drag and Drop Issue.
- SecuriTeam Windows NT Focus 13 Feb. 2006: Microsoft Internet Explorer Drag-and-Drop Redeux.
- BID-16352: Microsoft Internet Explorer Drag And Drop File Installation Vulnerability Variant
- CVE-2005-3240: Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.
- OSVDB ID: 2707: Microsoft IE Drag and Drop Arbitrary File Installation
- SA18787: Internet Explorer Drag-and-Drop Vulnerability
- SECTRACK ID: 1015049: Microsoft Internet Explorer Drag-and-Drop Timing May Let Remote Users Install Arbitrary Files
- VUPEN/ADV-2006-0553: Microsoft Internet Explorer Drag and Drop Events Timing Vulnerability
Platforms Affected:
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
Reported:
Feb 13, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
