Users login

Create an account »


Users login

Home » Hacking News » Internet Explorer drag-and-drop flaw

Internet Explorer drag-and-drop flaw

by Nikola Strahija on February 14th, 2006 Drag-and-drop Internet Explorer vulnerability was reported to Microsoft back in August 2005, but remains unpatched. The flaw allows an attacker to run malicious code and takeover the users computer.

Mattew Murphy, who discovered the flaw, and Beyond Security company informed Microsoft of the drag-and-drop vulnerability last year. After hearing that Microsoft was not planning on issuing a patch, Beyond Security published the vulnerability, together with advisories on how to prevent the exploit from happening.

Other security experts also publicized the flaw: -A specially crafted Web site could trick a user into dragging and dropping an item from one window to the other. After the user released the mouse in the newly focused window, code could run without consent, Websense said.

Microsoft will wait to issue a fix in Service Pack 2 for Windows Server 2003 and Windows XP Service Pack 3. It seems that MS is not considering the flaw critical.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »