• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

Microsoft Internet Explorer Drag-and-Drop Vulnerability

Myantispyware team February 13, 2006    

Microsoft Internet Explorer suffers from a vulnerability in its handling of certain drag-and-drop events. As a result, it is possible for a malicious web site to predict and exploit the timing of a drag-and-drop operation such that any drag operation (including using scroll-bars) could potentially lead to the installation of arbitrary files in sensitive locations that may enable further system compromise.

Affected Systems:
* Microsoft Internet Explorer 5.01
* Microsoft Internet Explorer 5.5
* Microsoft Internet Explorer 6.0
– Windows 98
– Windows 98 Second Edition
– Windows Millennium Edition
– Windows 2000
– Windows XP
– Windows Server 2003

How to block Drag-and-Drop Vulnerability:
1. Set a Kill Bit on the Shell.Explorer Control
Setting a kill bit on this control will prevent Internet Explorer from displaying the rich folder view interface that gives rise to this attack. For more information about setting kill bits, please see Microsoft Knowledge Base Article 240797: http://support.microsoft.com/kb/240797

The CLSID of this component as deployed on Windows XP is: {8856F961-340A-11D0-A96B-00C04FD705A2}

Tools to automate the process of setting this kill bit have been provided at: http://student.missouristate.edu/m/matthew007/tools/shellkill.zip PGP signature: http://student.missouristate.edu/m/matthew007/tools/shellkill.zip.asc

Included in this archive are an Administrative Template (.adm) and a VBScript file (.vbs) which implement this setting. The Administrative Template also allows an administrator to work around a specific case of functionality loss caused by the implementation of this workaround. Instructions on using both files are contained within the readme file in the archive.

IMPACT:

This workaround will cause Internet Explorer to no longer render folder views for local directories, network file shares, FTP directories and web folders by default. The ability to browse FTP directories in Internet Explorer can be restored by clearing the “Enable Folder View for FTP Sites” option in Internet Explorer’s “Advanced” options. However, this countermeasure is known to expose another security vulnerability that does not appear to have been fixed as of this writing: http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005321.html

For ordinary browsing purposes, the Windows Explorer tool is unaffected by this change. This defensive measure has been successfully implemented in at least one commercial software product and tested on a significant scale prior to the release of this advisory. Therefore, it is the belief of the author that potential loss of functionality *should* be minimal. As with all measures, you are encouraged to test the impact of this workaround prior to making any decision about deployment.

2. Prevent Automatic Navigation to Local Intranet Zone (Windows XP SP2, Windows Server 2003 SP1)
This workaround will prevent Internet content in Internet Explorer from automatically navigating to URLs within the Local Intranet Zone. This effectively prevents the introduction of malicious code to the local system via the network redirector. To implement this workaround, follow these steps:
1. In Internet Explorer’s Tools menu, choose “Internet Options…”

2. Select the “Security” tab and choose “Local Intranet”

3. Click the “Custom Level” button

4. Set the “Web sites in less privileged content zone can navigate into this zone” setting to “Disable” or “Prompt”.

5. Click OK to close any dialogs and optionally, close Internet Explorer.

IMPACT:

This workaround will block or prompt before allowing any navigation to LAN resources from the Internet Zone. Direct access to LAN resources continues to function normally. As a result of this workaround, attempts to access local intranet content (for instance, web applications on corporate Intranets) from web sites outside of the LAN will fail or produce prompts, depending upon the chosen setting.

3. Disable Active Scripting
This workaround will prevent Internet content from executing script that could potentially cause the exploitation of this vulnerability. To implement this workaround, follow these steps:

1. In Internet Explorer’s Tools menu, choose “Internet Options…”

2. Select the “Security” tab and choose “Internet”

3. Click the “Custom Level” button

4. Set the “Active scripting” option to “Prompt” or “Disable”.

IMPACT:

This workaround will block or prompt before allowing web sites to execute any script statement. Scripting in more-privileged zones (Local Intranet, Trusted Sites) continues to function normally. Setting this option to “Prompt” may cause a significant increase in the number of security prompts received while browsing and may be ineffective in closing this vulnerability for users not capable of making an assessment of a web site’s relative trustworthiness.

Read more here.

Exploits & Vulnerabilities Tutorials - HowTo

 Previous Post

HTML Help Workshop vulnerability – Found New Exploit

Next Post 

Hoster – Hosts File Manager

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Ofliker.co.in Virus Removal Guide
scam alert
Remove Searchvaultly.com Redirect: Chrome, Edge, Firefox
Split Max AC Reviews, Scam or Legit, Uncovering the Truth!
Nusayin Cooling Ace Review: Scam or Legit? What You Need to Know
Imwing Cooling Ace Reviews, Scam or Legit, Uncovering the Truth!

Follow Us

Search

Useful Guides

browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
Smart Captcha Virus redirect
What is a Virus that Redirects Web Pages? A Comprehensive Guide
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
Best free malware removal tools
Best Free Malware Removal Tools 2025
Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide

Recent Guides

HTML Help Workshop vulnerability – Found New Exploit
New Bagle – W32/Bagle.FM@mm, Email-Worm.Win32.Bagle.fm mass-mailer found
How to remove SpyFalcon
Adware SE 08.02.2006 update now available
Sun Java JRE sandbox bypass vulnerability

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.