Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1027

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-1027
Last Modified 10 Sep 2008 12:00:00
Published 20 Jan 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1027

Summary

Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 5.0

  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

CERT - TA04-033A

CERT-VN - VU#413886

BUGTRAQ - 20031125 HijackClickV2 - a successor of HijackClick attack

XF - ie-method-perform-actions(13844)

SECTRACK - 1006036

MISC - http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2

MS - MS04-004

BUGTRAQ - 20031201 Comments on 5 IE vulnerabilities


Last Updated: 27 May 2016 10:38:08