|
| HOMEPAGE | INDICE FORUM | REGOLAMENTO | ::. | NEI PREFERITI | .:: | RSS Forum | RSS News | NEWS web | NEWS software | |
| PUBBLICITA' | | | ARTICOLI | WIN XP | VISTA | WIN 7 | REGISTRI | SOFTWARE | MANUALI | RECENSIONI | LINUX | HUMOR | HARDWARE | DOWNLOAD | | | CERCA nel FORUM » | |
![]() |
#1 |
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
![]() |
Microsoft Internet Explorer Drag and Drop Vulnerability
http-equiv has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to insufficient validation of drag and drop events issued from the "Internet" zone to local resources. This can be exploited by a malicious website to e.g. plant an arbitrary executable file in a user's startup folder, which will get executed the next time Windows starts up. http-equiv has posted a PoC (Proof of Concept), which plants a program in the startup directory when a user drags a program masqueraded as an image. NOTE: Even though the PoC depends on the user performing a drag and drop event, it may potentially be rewritten to use a single click as user interaction instead. This vulnerability is a variant of an issue discovered by Liu Die Yu. SA9711 The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Leggi: http://secunia.com/advisories/12321/ |
![]() |
![]() |
![]() |
Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti) | |
Strumenti discussione | |
|
|
![]() |
||||
Discussione | Autore discussione | Forum | Risposte | Ultimo messaggio |
Microsoft Internet Explorer Two Vulnerabilities | Giorgius | Sicurezza&Privacy | 0 | 21-10-2004 03.48.17 |
problemino drag and drop | top gun | Windows 9x/Me/NT4/2000 | 12 | 16-09-2004 10.58.55 |
drag & drop | boombastic | Windows 7/Vista/XP/ 2003 | 9 | 29-05-2004 10.40.13 |
mi si blocca il drag & drop! | doctorwho | Windows 7/Vista/XP/ 2003 | 4 | 02-11-2003 10.18.40 |
Drag & Drop NON VA PIU` !!!!! | mbastoni | Windows 9x/Me/NT4/2000 | 1 | 16-09-2003 21.17.50 |