Microsoft IE Arbitrary File Write (What a Drag)

2004-07-17T00:00:00
ID OSVDB:8148
Type osvdb
Reporter http-equiv(http-equiv@excite.com )
Modified 2004-07-17T00:00:00

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw that may allow a malicious website to silently deliver a file to the local filesystem without user knowledge. The issue is triggered when a user drags one HTML object on top of another. It is possible that the flaw may allow malware infection resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft Internet Explorer contains a flaw that may allow a malicious website to silently deliver a file to the local filesystem without user knowledge. The issue is triggered when a user drags one HTML object on top of another. It is possible that the flaw may allow malware infection resulting in a loss of integrity.

References:

Vendor URL: http://www.microsoft.com/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0208.html Generic Exploit URL: http://www.richardharman.com/osvdb/8148-wattadrag/drag-and-drop-test.html