Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3240

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-3240
Last Modified 10 Aug 2011 12:00:00
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3240

Summary

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

XF - ie-dragdrop-variant(24648)

VUPEN - ADV-2006-0553

BID - 16352

BUGTRAQ - 20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)

BUGTRAQ - 20060213 Internet Explorer drag&drop 0day

MISC - http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html

OSVDB - 2707

SECTRACK - 1015049

SECUNIA - 18787

MISC - http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx


Last Updated: 27 May 2016 10:40:51