A vulnerability in the way Microsoft Internet Explorer handles drag and drop operations may allow access of arbitrary files within the Temporary Internet Files folder.
Microsoft Internet Explorer contains a vulnerability that could be exploited when handling drag and drop operations. According to Microsoft Security Bulletin ms06-072:
An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure of cached content in the Temporary Internet Files (TIF) folder if a user viewed and interacted with the Web page.
A remote, unauthenticated attacker may be able to access arbitrary files within the Temporary Internet Files folder.
Microsoft has released an update to address this issue. See Microsoft Security Bulletin ms06-072 for more details.
Disable Drag and Drop
This vulnerability was reported in Microsoft Security Bulletin ms06-072 . Microsoft credits Yorick Koster of ITsec Security Services for reporting this issue.
|Date First Published:||2006-12-13|
|Date Last Updated:||2006-12-13 20:24 UTC|