Info

Disclosure

Aug 18, 2004

Discovery

Unknown

Dates

Exploit

Aug 18, 2004

Solution

Unknown

Description

Microsoft IE contains a flaw that may allow an attacker to upload a malicious file. The issue is triggered when a user attempts a drag and drop action on a malicious html page. It is possible that the flaw may allow the saving of an arbitrary file in the startup folder which will be executed after the next reboot resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation, Other
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

Internet Explorer

6.0

References

Related OSVDB ID: 10704 10705 10706 10707 10708 10709 10710
Bugtraq ID: 10973
Secunia Advisory ID: 12321 12806
ISS X-Force ID: 17044
CVE ID: 2004-0839 (see also: NVD)
SCIP VulDB ID: 796
Microsoft Knowledge Base Article: 834707
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0814.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0822.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0842.html
Microsoft Security Bulletin: MS04-038 MS05-008 MS05-014

Credit

http-equiv - http-equivexcite.com -

Direct URL: http://osvdb.org/36218