OSVDB ID: 30815

Title: Microsoft IE TIF Folder Drag and Drop Operation Information Disclosure

Info

Disclosure

Dec 12, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 12, 2006

Description

Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when user accesses a malicious web page and performs unspecified drag and drop operations, which will disclose the path and content to the cached content located in the user's temporary internet folder information resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Disable "Drag and Drop or copy and paste files" in Internet Explorer

Products

Microsoft Corporation	Internet Explorer	6
		5

References

Security Tracker: 1017374
CVE ID: 2006-5578 (see also: NVD)
Bugtraq ID: 21494
Secunia Advisory ID: 23288
SCIP VulDB ID: 2735
Related OSVDB ID: 30813 30814 30816
CERT VU: 694344
Microsoft Knowledge Base Article: 925454
VUPEN Advisory: ADV-2006-4966
Other Advisory URL: http://www.eeye.com/research/html/newsletters/alert/pub/AL20061212.html
http://www.symantec.com/enterprise/security_response/weblog/2006/12/microsoft_patch_tuesday_decemb.html
Microsoft Security Bulletin: MS06-072

Credit

Yorick Koster - ITsec Security Services

Direct URL: http://osvdb.org/30815

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit