HTTP: Internet Explorer Drag-and-Drop Evasion
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer drag-and-drop. Attackers can send a maliciously crafted request or host a malicious Web page to exploit this issue. A successful attack can allow attackers to execute arbitrary code. This vulnerability is detailed in Microsoft Security Bulletin MS04-038.
Extended Description
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
Affected Products
Microsoft windows_98se
References
BugTraq: 11466
CVE: CVE-2005-0053
URL: http://www.microsoft.com/technet/security/Bulletin/MS05-008.mspx http://www.kb.cert.org/vuls/id/698835
Short Name
HTTP:STC:IE:DND-IMG
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-0053 Drag-and-Drop Evasion Explorer Internet bid:11466
Release Date
02/08/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5