Intrusion PreventionMS.IE.DragAndDrop.File.Install
Description
This indicates a possible exploit of a drag-and-drop vulnerability in Microsoft Internet Explorer.
A vulnerability is reported in the drag-and-drop feature of Internet Explorer that allows a remote user to install an arbitrary file on the vulnerable system. This is due to the failure of the application to validate drag and drop events. An attacker may create a malicious web page, which uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder and send it to a victim as an email message or a web link. This malicious web page could potentially allow an attacker to save a file on the users systems startup folder, which gets executed on the next system startup.
Affected Products
Microsoft Internet Explorer 5.01, 5.5, and 6
Impact
Compromise of the affected system.
Recommended Actions
Apply the security patch to the system as given in the Microsoft bulletin MS04-038.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-11-22 | 15.729 | Name:MS. IE. DragDrop. File. Install:MS. IE. DragAndDrop. File. Install |
| ID | 10030 |
| Created | Jun 07, 2005 |
| Updated | Nov 29, 2022 |
| Risk |
|
| CVE ID | CVE-2004-0839 |
| Exploit Prediction Score | 84.58% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | IE |