Microsoft IE dragDrop Arbitrary File Upload (What a Drag II)

2004-08-18T04:15:50
ID OSVDB:9070
Type osvdb
Reporter http-equiv(http-equiv@excite.com )
Modified 2004-08-18T04:15:50

Description

Vulnerability Description

Microsoft IE contains a flaw that may allow an attacker to upload a malicious file. The issue is triggered when a user attempts a drag and drop action on a malicious html page. It is possible that the flaw may allow the saving of an arbitrary file in the startup folder which will be executed after the next reboot resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Microsoft IE contains a flaw that may allow an attacker to upload a malicious file. The issue is triggered when a user attempts a drag and drop action on a malicious html page. It is possible that the flaw may allow the saving of an arbitrary file in the startup folder which will be executed after the next reboot resulting in a loss of integrity.

References:

Secunia Advisory ID:12321 Secunia Advisory ID:12806 Related OSVDB ID: 10708 Related OSVDB ID: 10709 Related OSVDB ID: 10710 Related OSVDB ID: 10705 Related OSVDB ID: 10704 Related OSVDB ID: 10706 Related OSVDB ID: 10707 Microsoft Security Bulletin: MS05-008 Microsoft Security Bulletin: MS04-038 Microsoft Security Bulletin: MS05-014 Microsoft Knowledge Base Article: 834707 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0842.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0814.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0822.html ISS X-Force ID: 17044 CVE-2004-0839 Bugtraq ID: 10973