Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:IE:DND-IMG

Severity

 Minor

Recommended

 No

Category

 HTTP

Keywords

 Internet Explorer Drag-and-Drop Evasion

Release Date

 2005/02/07

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Internet Explorer Drag-and-Drop Evasion


This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer drag-and-drop. Attackers can send a maliciously crafted request or host a malicious Web page to exploit this issue. A successful attack can allow attackers to execute arbitrary code. This vulnerability is detailed in Microsoft Security Bulletin MS04-038.

Extended Description

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

Affected Products

  • Microsoft ie 5.0.1 (sp1)
  • Microsoft ie 5.0.1 (sp2)
  • Microsoft ie 5.0.1 (sp3)
  • Microsoft ie 5.0.1 (sp4)
  • Microsoft ie 5.5 (sp1)
  • Microsoft ie 5.5 (sp2)
  • Microsoft ie 6.0 (sp1)
  • Microsoft ie 6.0 (sp2)
  • Microsoft windows_2000 (:advanced_server)
  • Microsoft windows_2000 (:datacenter_server)
  • Microsoft windows_2000 (:professional)
  • Microsoft windows_2000 (:server)
  • Microsoft windows_2000 (sp1)
  • Microsoft windows_2000 (sp1:advanced_server)
  • Microsoft windows_2000 (sp1:datacenter_server)
  • Microsoft windows_2000 (sp1:professional)
  • Microsoft windows_2000 (sp1:server)
  • Microsoft windows_2000 (sp2)
  • Microsoft windows_2000 (sp2:advanced_server)
  • Microsoft windows_2000 (sp2:datacenter_server)
  • Microsoft windows_2000 (sp2:professional)
  • Microsoft windows_2000 (sp2:server)
  • Microsoft windows_2000 (sp3)
  • Microsoft windows_2000 (sp3:advanced_server)
  • Microsoft windows_2000 (sp3:datacenter_server)
  • Microsoft windows_2000 (sp3:professional)
  • Microsoft windows_2000 (sp3:server)
  • Microsoft windows_2000 (sp4)
  • Microsoft windows_2000 (sp4:advanced_server)
  • Microsoft windows_2000 (sp4:datacenter_server)
  • Microsoft windows_2000 (sp4:professional)
  • Microsoft windows_2000 (sp4:server)
  • Microsoft windows_2003_server enterprise
  • Microsoft windows_2003_server enterprise (:64-bit)
  • Microsoft windows_2003_server enterprise_64-bit
  • Microsoft windows_2003_server r2
  • Microsoft windows_2003_server r2 (:64-bit)
  • Microsoft windows_2003_server r2 (:datacenter_64-bit)
  • Microsoft windows_2003_server standard
  • Microsoft windows_2003_server standard (:64-bit)
  • Microsoft windows_2003_server web
  • Microsoft windows_98 (gold)
  • Microsoft windows_98se
  • Microsoft windows_me
  • Microsoft windows_xp (:64-bit)
  • Microsoft windows_xp (gold)
  • Microsoft windows_xp (gold:professional)
  • Microsoft windows_xp (:home)
  • Microsoft windows_xp (:media_center)
  • Microsoft windows_xp (sp1)
  • Microsoft windows_xp (sp1:64-bit)
  • Microsoft windows_xp (sp1:home)
  • Microsoft windows_xp (sp1:media_center)
  • Microsoft windows_xp (sp2)
  • Microsoft windows_xp (sp2:home)
  • Microsoft windows_xp (sp2:media_center)
  • Microsoft windows_xp (sp2:tablet_pc)

References

  • BugTraq: 11466
  • CVE: CVE-2005-0053
  • URL: http://www.microsoft.com/technet/security/Bulletin/MS05-008.mspx
  • URL: http://www.kb.cert.org/vuls/id/698835

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out