Microsoft IE window.moveBy Cursor Hijack (HijackClick)

2003-09-10T00:00:00
ID OSVDB:3094
Type osvdb
Reporter OSVDB
Modified 2003-09-10T00:00:00

Description

Vulnerability Description

Microsoft Internet Explorer allows a remote attacker to save a file to a target location on the victim's system without a confirmation dialog box. The issue is due to improper validation of specific Dynamic HTML (DHTML) functions that control mouse and window movement. An attacker can create a specially crafted URL link that is configured to download and save an arbitrary file on the victim's system without any warning or confirmation.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Secunia Advisory ID: 9711
Microsoft Security Bulletin: MS03-048
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0173.html
Keyword: aka HijackClick
Keyword: different vulnerability than CAN-2003-1027
ISS X-Force ID: 13679
CVE-2003-0823
CIAC Advisory: o-021
CIAC Advisory: o-068
CERT VU: 413886
Bugtraq ID: 9009