Title: Microsoft Internet Explorer dragDrop Method Local File Reading Vulnerability
Severity: MODERATE
Description:
Microsoft Internet Explorer supports the DHTML method dragDrop(), which allows objects on a web page to be dragged and dropped. The HTML file upload control provides the user interface through which the web client uploads files to a web server.
The dragDrop() method can be used by a maliciously crafted web page to read local files from an Internet Explorer user's local drive.
If a web page is constructed containing a script element that uses the dragDrop() method and is suitably obfuscated, users can be tricked into uploading a local file to the malicious web server.
This is typically achieved by constructing a JavaScript element that appears to be a hyperlink but actually contains elements that drop text, such as a file name, into an HTML upload control using the dragDrop() method. The local file name must be known for the attack to succeed; however, relative paths may be used. The user must also perform another action, such as clicking a button, to trigger the file upload. Exploitation could result in disclosure of sensitive information from files on the client system. Files that are currently in use may not be uploadable through exploitation of this vulnerability.
It may be possible to exploit this issue through HTML e-mail. Other applications that use the Internet Explorer rendering engine may also allow exploitation of this issue.
This issue was originally described in BID 7417. This BID is being updated to reflect the release of Microsoft Security Bulletin MS03-015, which addresses the issue.
Affected Products:
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Microsoft Windows ME
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
References:
- Microsoft: Microsoft Security Bulletin MS03-015
- Microsoft: Outlook E-Mail Security Update
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.