MS.IE.DragAndDrop.File.Install
Description
This indicates a possible exploit of a drag-and-drop vulnerability in Microsoft Internet Explorer.
A vulnerability is reported in the drag-and-drop feature of Internet Explorer that allows a remote user to install an arbitrary file on the vulnerable system. This is due to the failure of the application to validate drag and drop events. An attacker may create a malicious web page, which uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder and send it to a victim as an email message or a web link. This malicious web page could potentially allow an attacker to save a file on the users systems startup folder, which gets executed on the next system startup.
Affected Products
Microsoft Internet Explorer 5.01, 5.5, and 6
Impact
Compromise of the affected system.
Recommended Actions
Apply the security patch to the system as given in the Microsoft bulletin MS04-038.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-11-22 | 15.729 | Name:MS. IE. DragDrop. File. Install:MS. IE. DragAndDrop. File. Install |