|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
Keywords |
window.createPopup()
|
|
Description |
Microsoft Internet Explorer contains a flaw that may allow a malicious user to induce a drag-and-drop event within the browser. The issue is triggered when the victim clicks on a link with the popup.show() function defined as an onMouseclick event. It is possible that the flaw may allow an attacker to deliver executable code to the victim's computer without further user interaction, resulting in a loss of integrity.
|
|
Classification |
Location:
Local Access Required,
Remote/Network Access Required
Attack Type:
Hijacking,
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Currently, there are no known upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Also, it is possible to correct the flaw by implementing the following workaround: Disable ActiveX controls and Active Scripting for untrusted web sites.
|
|
Products |
|
Internet Explorer
 |
5.01 SP3 |
5.01 SP4 |
5.5 SP2 |
6 |
6 SP1 |
|
|
|
|
Credit |
- Paul - paul
 greyhats.cjb.net - Personal Site
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
