CVE-2005-3240
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
High
0.082 Low
EPSS
Percentile
94.4%
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.
Affected configurations
References
blogs.technet.com/msrc/archive/2006/02/13/419439.aspx
secunia.com/advisories/18787
securitytracker.com/id?1015049
www.osvdb.org/2707
www.securiteam.com/windowsntfocus/5MP0B0UHPA.html
www.securityfocus.com/archive/1/424863/100/0/threaded
www.securityfocus.com/archive/1/424940/100/0/threaded
www.securityfocus.com/bid/16352
www.vupen.com/english/advisories/2006/0553
exchange.xforce.ibmcloud.com/vulnerabilities/24648
Related
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
High
0.082 Low
EPSS
Percentile
94.4%