Title: Microsoft Internet Explorer Mouse Click Event Hijacking Vulnerability
Severity: HIGH
Description:
A vulnerability exists in Internet Explorer when handling specific DHTML events, allowing a malicious Web page to intercept mouse click events to perform unintended drag and drop operations.
In particular, it is possible to simulate a mouse drag and drop event through use of the moveBy() DHTML method of the window object. The moveBy() method provides a means of moving a window to screen coordinates specified by the arguments passed to the method. In the provided example, the moveBy() method is called when a link is clicked, causing onmousedown and onmouseup events to be triggered. The window is then restored to its initial location using moveBy(), simulating another onmouseup event and resulting in a drag and drop operation. This attack may also apply to the moveTo(), resizeBy(), and resizeTo() methods of the window object.
This could be exploited by creating a link that, when clicked, causes an object such as an executable or shortcut to be stored on the client computer. In this manner, it would be possible to drop an executable onto the client computer in a location such as the Startup folder, allowing the executable to be run at a later time.
This vulnerability can be exploited via a malicious web page or via malicious HTML e-mail. Other applications that use the Internet Explorer engine are affected as well (Outlook, MSN Messenger, etc.).
It should be noted that a later variant of this issue exists (BID 9108) that evades the fixes provided in MS03-048. This later variant is addressed by MS04-004.
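As an added, defender-side example that is not part of this advisory: a small Python scanner that flags HTML in which an inline mouse event handler, or a script that reacts to mouse events, calls one of the window methods named above (moveBy, moveTo, resizeBy, resizeTo). The sample HTML, the class name and the function name are constructed for illustration; a mail gateway or proxy would apply the same check to message bodies or fetched pages.

```python
"""Flag HTML that pairs mouse events with window-geometry calls, the
pattern behind the IE drag-and-drop hijack covered by MS03-048/MS04-004."""
import re
from html.parser import HTMLParser

# window methods the advisory names as able to move the page under a held button
GEOMETRY_METHODS = ("moveBy", "moveTo", "resizeBy", "resizeTo")
MOUSE_EVENTS = ("onmousedown", "onmouseup", "onclick")
GEOMETRY_RE = re.compile(
    r"\b(?:window\.|self\.|top\.)?(" + "|".join(GEOMETRY_METHODS) + r")\s*\("
)
MOUSE_RE = re.compile(r"mouse(?:down|up)", re.I)


class GeometryCallFinder(HTMLParser):
    """Collect (context, method) pairs for suspicious geometry calls."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:  # inline handlers such as onmousedown="..."
            if value and name.lower() in MOUSE_EVENTS:
                for m in GEOMETRY_RE.finditer(value):
                    self.findings.append((name.lower(), m.group(1)))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # a script body that both watches mouse events and moves/resizes the window
        if self._in_script and MOUSE_RE.search(data):
            for m in GEOMETRY_RE.finditer(data):
                self.findings.append(("script", m.group(1)))


def scan_html(html: str) -> list:
    """Return every (context, method) pair found in the document."""
    parser = GeometryCallFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# constructed sample: one link moves the window and back on mousedown,
# a script resizes on mouseup, and a third link is benign
SAMPLE = """<html><body>
<a href="#" onmousedown="window.moveBy(0,100); window.moveBy(0,-100)">a</a>
<script>document.onmouseup = function () { self.resizeTo(800, 600); };</script>
<a href="#" onclick="window.alert('benign')">b</a></body></html>"""

if __name__ == "__main__":
    for ctx, method in scan_html(SAMPLE):
        print(f"suspicious: {method}() called from {ctx}")
```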
Affected Products:
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Microsoft Windows ME
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
References:
- Microsoft: Microsoft Security Bulletin MS03-048
- Microsoft: Microsoft Security Bulletin MS04-004
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.