• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Tutorials - HowTo › Microsoft Internet Explorer Drag-and-Drop Vulnerability

Microsoft Internet Explorer Drag-and-Drop Vulnerability

Myantispyware team February 13, 2006     No Comment    

Microsoft Internet Explorer suffers from a vulnerability in its handling of certain drag-and-drop events. As a result, it is possible for a malicious web site to predict and exploit the timing of a drag-and-drop operation such that any drag operation (including using scroll-bars) could potentially lead to the installation of arbitrary files in sensitive locations that may enable further system compromise.

Affected Systems:
* Microsoft Internet Explorer 5.01
* Microsoft Internet Explorer 5.5
* Microsoft Internet Explorer 6.0
– Windows 98
– Windows 98 Second Edition
– Windows Millennium Edition
– Windows 2000
– Windows XP
– Windows Server 2003

How to block Drag-and-Drop Vulnerability:
1. Set a Kill Bit on the Shell.Explorer Control
Setting a kill bit on this control will prevent Internet Explorer from displaying the rich folder view interface that gives rise to this attack. For more information about setting kill bits, please see Microsoft Knowledge Base Article 240797: http://support.microsoft.com/kb/240797

The CLSID of this component as deployed on Windows XP is: {8856F961-340A-11D0-A96B-00C04FD705A2}

Tools to automate the process of setting this kill bit have been provided at: http://student.missouristate.edu/m/matthew007/tools/shellkill.zip PGP signature: http://student.missouristate.edu/m/matthew007/tools/shellkill.zip.asc

Included in this archive are an Administrative Template (.adm) and a VBScript file (.vbs) which implement this setting. The Administrative Template also allows an administrator to work around a specific case of functionality loss caused by the implementation of this workaround. Instructions on using both files are contained within the readme file in the archive.

IMPACT:

This workaround will cause Internet Explorer to no longer render folder views for local directories, network file shares, FTP directories and web folders by default. The ability to browse FTP directories in Internet Explorer can be restored by clearing the “Enable Folder View for FTP Sites” option in Internet Explorer’s “Advanced” options. However, this countermeasure is known to expose another security vulnerability that does not appear to have been fixed as of this writing: http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005321.html

For ordinary browsing purposes, the Windows Explorer tool is unaffected by this change. This defensive measure has been successfully implemented in at least one commercial software product and tested on a significant scale prior to the release of this advisory. Therefore, it is the belief of the author that potential loss of functionality *should* be minimal. As with all measures, you are encouraged to test the impact of this workaround prior to making any decision about deployment.

2. Prevent Automatic Navigation to Local Intranet Zone (Windows XP SP2, Windows Server 2003 SP1)
This workaround will prevent Internet content in Internet Explorer from automatically navigating to URLs within the Local Intranet Zone. This effectively prevents the introduction of malicious code to the local system via the network redirector. To implement this workaround, follow these steps:
1. In Internet Explorer’s Tools menu, choose “Internet Options…”

2. Select the “Security” tab and choose “Local Intranet”

3. Click the “Custom Level” button

4. Set the “Web sites in less privileged content zone can navigate into this zone” setting to “Disable” or “Prompt”.

5. Click OK to close any dialogs and optionally, close Internet Explorer.

IMPACT:

This workaround will block or prompt before allowing any navigation to LAN resources from the Internet Zone. Direct access to LAN resources continues to function normally. As a result of this workaround, attempts to access local intranet content (for instance, web applications on corporate Intranets) from web sites outside of the LAN will fail or produce prompts, depending upon the chosen setting.

3. Disable Active Scripting
This workaround will prevent Internet content from executing script that could potentially cause the exploitation of this vulnerability. To implement this workaround, follow these steps:

1. In Internet Explorer’s Tools menu, choose “Internet Options…”

2. Select the “Security” tab and choose “Internet”

3. Click the “Custom Level” button

4. Set the “Active scripting” option to “Prompt” or “Disable”.

IMPACT:

This workaround will block or prompt before allowing web sites to execute any script statement. Scripting in more-privileged zones (Local Intranet, Trusted Sites) continues to function normally. Setting this option to “Prompt” may cause a significant increase in the number of security prompts received while browsing and may be ineffective in closing this vulnerability for users not capable of making an assessment of a web site’s relative trustworthiness.

Read more here.

Exploits & Vulnerabilities Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Your Netflix account has been suspended Scam text
Your Netflix account has been suspended Scam Text Recovery.ffm.to
SearchIT New Tab searchresults.store
How to uninstall SearchIT New Tab from Chrome, Firefox, IE, Edge
goog.urewsawani.autos malicious
Track.clickcrystal.com pop-up redirect (Virus removal guide)
Legivenestatery.com Click Allow Scam
Legivenestatery.com Virus Removal Guide
Advaguru.com Click allow Scam
Advaguru.com Virus Removal Guide

Follow Us

Search

Useful Guides

DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
Malwarebytes won’t install, run or update – How to fix it
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
Best free malware removal tools
Best Free Malware Removal Tools 2020
How to reset Google Chrome settings to default

Recent Posts

HTML Help Workshop vulnerability – Found New Exploit
New Bagle – W32/Bagle.FM@mm, Email-Worm.Win32.Bagle.fm mass-mailer found
How to remove SpyFalcon
Adware SE 08.02.2006 update now available
Sun Java JRE sandbox bypass vulnerability

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.