Microsoft DHTML Drag-and-Drop events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system.
Microsoft Drag-and-Drop events do not properly validate objects before placing them on a user's system. For more information concerning Drag-and-Drop vulnerabilities, please refer to VU#526089 and VU#413886. According to Microsoft:
The update for the "Drag-and-Drop Vulnerability" (CAN-2005-0053) comes in two parts. It is addressed in part in this security bulletin. This security bulletin [MS05-008], together with security bulletin MS05-014, makes up the update for CAN-2005-0053. These updates do not have to be installed in any particular order. However, we recommend that you install both updates.
If a remote attacker can persuade a user to access a specially crafted web page, that attacker may be able to write arbitrary files to the local file system.
Consider Workarounds Described in Knowledge Base Article 888534
This vulnerability was reported in Microsoft Security Bulletins MS05-014 and MS05-008. Microsoft acknowledged Michael Krax as a reporter of CAN-2005-0053.
This document was written by Jeff Gennari based on information from Microsoft Security Bulletins MS05-014 and MS05-008.
Date First Published: 2005-02-09
Date Last Updated: 2005-02-09 20:12 UTC