Internet Security Software - Computer Security Software - Security Software
Software Security Solutions background
 
 
LinkScanner
LinkScanner Resource Center
LinkScanner Support
LinkScanner White Papers
LinkScanner Press Releases
LinkScanner Manual
Free Trial
Empty Cart Cart

mountains

LinkScanner Knowledge Base


spacer

Exploit: IE drag&drop (CVE-2005-3240)
Dated Posted:

04.10.2007
Posted By:

Roger Thompson - CTO
Category:

Research
 
 

This exploit uses javascript to try and entice the user to drag a program from a remote server and drop it mistakenly in a local Windows folder, the goal being to stealthily install a program on the system. This exploit requires user interaction and careful timing on the part of the exploitive code, to obscure what is really happening. As such it is difficult and unlikely to have the exploit reliably succeed. This exploit was publicly disclosed on 14 February, 2006 after having been reported to Microsoft back on 3 August, 2005. It effects versions 5.01, 5.5 and 6 of Internet Explorer and had not been patched as of early 2007. Previous similar exploits, easier to reliably implement, had already been patched by Microsoft in 2004 before this one was discovered.

(CVE-2005-3240)
   

 

Return to Knowledge Base

Anti Virus Software | Eset NOD32 | Kaspersky | Eset Smart Security | Spyware Removal Software | Spysweeper
Remove Adware |LinkScanner | LinkScanner Online | Firewalls | Outpost | SonicWALL | Disaster Recovery
Spam Blocker | Security Tools | Computer Security Tips | Layered Security Model | Security Software Resources
Solution Certifications | Trusted Reviews | Security Goal | Security Links
Partners | Press Releases | White Papers | About Us Home


Contact Software Security Solutions at (303) 232-9070
Site Map | Privacy Policy | Legal Notice | Home

© 2008 Software Security Solutions. All rights reserved.