Folder GUID Code Execution Vulnerability
ID: oval:org.mitre.oval:def:318 | Date: (C)2006-08-11 (M)2022-03-21 |
Class: VULNERABILITY | Family: windows |
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows XP |
Microsoft Windows Server 2003 |