[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97153

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2005-3240

Date: (C)2005-12-31   (M)2017-07-18
 
CVSS Score: 5.1Access Vector: NETWORK
Exploitability Subscore: 4.9Access Complexity: HIGH
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.

Reference:
SECTRACK-1015049
BID-16352
SECUNIA-18787
http://www.securityfocus.com/archive/1/424863/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/424940/100/0/threaded
OSVDB-2707
ADV-2006-0553
http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx
http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html
ie-dragdrop-variant(24648)

CPE    9
cpe:/a:microsoft:ie:5.01:sp1
cpe:/a:microsoft:ie:5.01:sp2
cpe:/a:microsoft:ie:5.01
cpe:/a:microsoft:ie:5.01:sp3
...
CWE    1
CWE-362

© 2013 SecPod Technologies