IE Drag-and-Drop Flaw Warning IE Users Remain at Risk of PC Takeover Attacks Ryan Naraine
A security bug in Microsoft Internet Explorer's drag-and-drop feature could put millions of Web surfers at risk of malicious hacker attacks, researchers warned on Thursday.
According to a Secunia alert, the flaws, detected and reported by http-equiv, affect IE versions 5.01, 5.5, and 6.0 on fully patched systems running Microsoft Windows XP (original, SP1, or SP2).
Secunia rated the flaws "highly critical" and urged IE users to disable the browser's Active Scripting feature.
The company said the vulnerability is caused by insufficient validation of drag-and-drop events issued from the "Internet" zone to local resources. An attacker could potentially plant a harmful executable file in a user's startup folder, which will execute the next time Windows boots.
A proof-of-concept (PoC) exploit, which plants a program in the startup directory when a user drags a program masqueraded as an image, has been released by http-equiv.
"Even though the PoC depends on the user performing a drag-and-drop event, it may potentially be rewritten to use a single click as user interaction instead," Secunia warned.
The latest flaws closely resemble vulnerabilities discovered last November by Chinese researcher Liu Die Yu. Those bugs, which have since been fixed, put IE users at risk of system access, exposure of sensitive information, cross site scripting, and security bypass.
