Vulnerability Note VU#698835
Microsoft DHTML Drag-and-Drop events insufficiently validated
Microsoft DHTML Drag-and-Drop events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system.
Microsoft Drag-and-Drop events do not properly validate objects before placing them on a user's system. For more information concerning Drag-and-Drop vulnerabilities, please refer to VU#526089 and VU#413886. According to Microsoft:
The update for the "Drag-and-Drop Vulnerability" (CAN-2005-0053) comes in two parts. It is addressed in part in this security bulletin. This security bulletin [MS05-008], together with security bulletin MS05-014, makes up the update for CAN-2005-0053. These updates do not have to be installed in any particular order. However, we recommend that you install both updates.
MS05-014 creates and installs a list of file types within Internet Explorer that are allowed to be transferred via a Drag-and-Drop event.
MS05-008 introduces a more strict validation procedure for Drag-and-Drop events within the Windows shell.
For more information on these vulnerabilities and their remediation, please see MS05-014 and MS05-008, as well as MS04-038.
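The two-part fix described above replaces an "anything goes" transfer with an explicit allowlist of file types (MS05-014) plus stricter validation of the event itself (MS05-008). The following is an added example, not Microsoft's code and not a description of Internet Explorer's internals: it models that allowlist check as a small policy function so the design choice is visible. The zone ordering, the allowlist contents, and the sample drop events are all constructed assumptions; the real MS05-014 list is not on this page.

```python
"""Illustrative model of allowlist-based drag-and-drop validation.

Added example, not Microsoft's implementation. A transfer toward a more
trusted zone (e.g. Internet -> Local Machine Zone) is permitted only when the
dropped object's file type is on an explicit allowlist; everything else is
refused by default.
"""

from __future__ import annotations

import posixpath

# Assumption: a simplified ordering of Internet Explorer's security zones in
# increasing order of trust. The Local Machine Zone is the most trusted.
ZONE_RANK = {
    "restricted": 0,
    "internet": 1,
    "intranet": 2,
    "trusted": 3,
    "local_machine": 4,
}

# Assumption: an illustrative allowlist of file types considered safe to drop
# across zones. The actual list installed by MS05-014 is not on the page.
ALLOWED_EXTENSIONS = frozenset({".txt", ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf"})


def normalize_extension(name: str) -> str:
    """Return the effective, lower-cased extension of a dropped object name.

    Backslashes are treated as separators so Windows-style paths work, and
    trailing dots and spaces are stripped because the Windows shell discards
    them when creating the file: "evil.exe." would otherwise look as if it had
    no extension and slip past a naive check. Only the final extension counts,
    so "notes.txt.exe" is classified as ".exe", not ".txt".
    """
    base = posixpath.basename(name.replace("\\", "/"))
    base = base.rstrip(". ")
    _, ext = posixpath.splitext(base)
    return ext.lower()


def is_transfer_allowed(source_zone: str, target_zone: str, name: str) -> bool:
    """Decide whether a drag-and-drop transfer of `name` may proceed.

    Transfers that stay within a zone or move toward a less trusted zone are
    permitted. A transfer into a more trusted zone is permitted only for
    allowlisted file types; anything not on the list, including a name with no
    extension at all, is refused (default deny).
    """
    src = ZONE_RANK[source_zone]
    dst = ZONE_RANK[target_zone]
    if dst <= src:
        return True
    return normalize_extension(name) in ALLOWED_EXTENSIONS


# Constructed sample drop events, not taken from the page: (source, target, name).
SAMPLE_EVENTS = [
    ("internet", "local_machine", "photo.jpg"),
    ("internet", "local_machine", "installer.exe"),
    ("internet", "local_machine", "notes.txt.exe"),
    ("internet", "local_machine", "evil.exe."),
    ("internet", "local_machine", "README"),
    ("local_machine", "internet", "anything.exe"),
    ("internet", "internet", "page.hta"),
]


def evaluate_events(events=SAMPLE_EVENTS) -> list[tuple[str, bool]]:
    """Apply the policy to each event and return (name, allowed) pairs."""
    return [(name, is_transfer_allowed(src, dst, name)) for src, dst, name in events]


if __name__ == "__main__":
    for name, allowed in evaluate_events():
        print(f"{'ALLOW' if allowed else 'DENY':5} {name}")
```

The point of the model is the direction of the decision: a denylist of dangerous types would have to anticipate every executable extension and every trailing-dot or double-extension trick, whereas an allowlist refuses anything it does not recognise, so the normalisation step only has to be good enough to avoid letting an allowed type be spoofed.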
If a remote attacker can persuade a user to access a specially crafted web page, that attacker may be able to write arbitrary files to the local file system.
Consider Workarounds Described in Knowledge Base Article 888534
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | - | 08 Feb 2005 |
This vulnerability was reported in Microsoft Security Bulletins MS05-014 and MS05-008. Microsoft acknowledged Michael Krax as a reporter of CAN-2005-0053.
- CVE IDs: CAN-2005-0053
- Date Public: 08 Feb 2005
- Date First Published: 08 Feb 2005
- Date Last Updated: 09 Feb 2005
- Severity Metric: 28.12
- Document Revision: 37