A security bug in Microsoft Internet Explorer’s drag-and-drop feature could put
millions of Web surfers at risk of malicious hacker attacks, researchers
warned on Thursday.
According to a Secunia alert, the flaws,
detected and reported by http-equiv, affect IE versions
5.01, 5.5 and 6.0 on fully patched systems running Microsoft Windows XP
SP1 or SP2.
Secunia rated the flaws “highly critical” and urged IE users to
disable the browser’s Active Scripting feature.
The company said the vulnerability is caused by insufficient
validation of drag-and-drop events issued from the “Internet” zone to
local resources. An attacker could potentially plant a harmful
executable file in a user’s startup folder, which will
execute the next time Windows boots.
A proof-of-concept exploit, which plants a program in the startup
directory when a user drags a program masqueraded as an image, has been
released by http-equiv.
“Even though the PoC depends on the user performing a drag-and-drop
event, it may potentially be rewritten to use a single click as user
interaction instead,” Secunia warned.
The latest flaws closely resemble vulnerabilities discovered
last November by Chinese researcher Liu Die Yu. Those bugs, which has
since been fixed, put IE users at risk of system access, exposure of
sensitive information, cross site scripting and security bypass.