Oval Definition:oval:org.mitre.oval:def:4726
Revision Date:2007-11-13Version:44
Title:Server 2003/64-bit XP Drag-and-Drop Vulnerability
Description:Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-0053
Platform(s):Microsoft Windows Server 2003
Product(s):Windows Messenger
Definition Synopsis
  • Software section
  • Windows Server 2003 or Windows XP 64-Bit Edition Version 2003
  • Windows Server 2003 is installed
  • OR Windows XP 64-bit
  • Windows XP is installed
  • AND a version of Windows for the ia64 architecture is installed
  • AND the version of shell32.dll is less than 6.0.3790.241
  • AND Configuration section
  • NOT Drag-and-Drop disabled when set to 3
  • AND ActiveX controls and active scripting are enabled
  • current user settings are being used and ActiveX controls and active scripting are enabled
  • NOT use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the current user
  • AND active scripting is enabled for the current user
  • OR local machine settings are being used and ActiveX controls and active scripting are enabled
  • use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the local machine
  • AND active scripting is enabled for the local machine
    • BACK