CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence: High
EPSS
Percentile: 96.1%
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the “Function Pointer Drag and Drop Vulnerability.”
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | ie | 6.0 | cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:* |
microsoft | internet_explorer | 5.0 | cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:* |
microsoft | internet_explorer | 5.0.1 | cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:* |
microsoft | internet_explorer | 5.0.1 | cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:* |
microsoft | internet_explorer | 5.0.1 | cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:* |
microsoft | internet_explorer | 5.0.1 | cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:* |
microsoft | internet_explorer | 5.5 | cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:* |
microsoft | internet_explorer | 5.5 | cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:* |
microsoft | internet_explorer | 5.5 | cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:* |
microsoft | internet_explorer | 6.0 | cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* |
marc.info/?l=bugtraq&m=106979479719446&w=2
marc.info/?l=bugtraq&m=107038202225587&w=2
www.kb.cert.org/vuls/id/413886
www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
www.securitytracker.com/id?1006036
www.us-cert.gov/cas/techalerts/TA04-033A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
exchange.xforce.ibmcloud.com/vulnerabilities/13844
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629