Vulnerability Note VU#694344
Microsoft Internet Explorer TIF Folder arbitrary file access vulnerability
A vulnerability in the way Microsoft Internet Explorer handles drag and drop operations may allow access of arbitrary files within the Temporary Internet Files folder.
Microsoft Internet Explorer contains a vulnerability that could be exploited when handling drag and drop operations. According to Microsoft Security Bulletin ms06-072:
An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure of cached content in the Temporary Internet Files (TIF) folder if a user viewed and interacted with the Web page.
A remote, unauthenticated attacker may be able to access arbitrary files within the Temporary Internet Files folder.
Disable Drag and Drop
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||13 Dec 2006|
CVSS Metrics (Learn More)
This vulnerability was reported in Microsoft Security Bulletin ms06-072. Microsoft credits Yorick Koster of ITsec Security Services for reporting this issue.
This document was written by Chris Taschner.
- CVE IDs: CVE-2006-5578
- Date Public: 12 Dec 2006
- Date First Published: 13 Dec 2006
- Date Last Updated: 13 Dec 2006
- Severity Metric: 9.72
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.