Vulnerability Name:

CVE-2003-0823 (CCN-13679)

Assigned:2003-11-11
Published:2003-11-11
Updated:2021-07-23
Summary:Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed Sep 10 2003 - 00:19:33 CDT
MSIE->HijackClick: 1+1=2

Source: MITRE
Type: CNA
CVE-2003-0823

Source: MITRE
Type: CNA
CVE-2003-1027

Source: BUGTRAQ
Type: UNKNOWN
20030910 MSIE->HijackClick: 1+1=2

Source: CCN
Type: SA10192
Microsoft Internet Explorer Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
10192

Source: CCN
Type: SECTRACK ID: 1006036
Microsoft Internet Explorer May Let Remote Users Read or Write Files Via the dragDrop() Method

Source: CCN
Type: CIAC Information Bulletin O-021
Microsoft Cumulative Security Update for Internet Explorer

Source: CCN
Type: CIAC Information Bulletin O-068
Microsoft Internet Explorer Cumulative Patch [Microsoft Security Bulletin MS04-004]

Source: CCN
Type: US-CERT VU#413886
Microsoft Internet Explorer allows mouse events to manipulate window objects and perform drag and drop operations

Source: CERT-VN
Type: US Government Resource
VU#413886

Source: CCN
Type: Microsoft Security Bulletin MS03-048
Cumulative Security Update for Internet Explorer (832894)

Source: CCN
Type: Microsoft Security Bulletin MS04-004
Cumulative Security Update for Internet Explorer (832894)

Source: CCN
Type: Microsoft Security Bulletin MS04-025
Cumulative Security Update for Internet Explorer (867801)

Source: CCN
Type: Microsoft Security Bulletin MS04-038
Cumulative Security Update for Internet Explorer (834707)

Source: CCN
Type: Microsoft Security Bulletin MS04-040
Cumulative Security Update for Internet Explorer (889293)

Source: CCN
Type: Microsoft Security Bulletin MS05-008
Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

Source: CCN
Type: Microsoft Security Bulletin MS05-014
Cumulative Security Update for Internet Explorer (867282)

Source: CCN
Type: Microsoft Security Bulletin MS05-016
Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)

Source: CCN
Type: Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer (890923)

Source: CCN
Type: Microsoft Security Bulletin MS05-025
Cumulative Security Update for Internet Explorer (883939)

Source: CCN
Type: Microsoft Security Bulletin MS05-038
Cumulative Security Update for Internet Explorer (896727)

Source: CCN
Type: Microsoft Security Bulletin MS05-049
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)

Source: CCN
Type: Microsoft Security Bulletin MS05-052
Cumulative Security Update for Internet Explorer (896688)

Source: CCN
Type: Microsoft Security Bulletin MS05-054
Cumulative Security Update for Internet Explorer (905915)

Source: CCN
Type: Microsoft Security Bulletin MS06-004
Cumulative Security Update for Internet Explorer (910620)

Source: CCN
Type: Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)

Source: CCN
Type: Microsoft Security Bulletin MS06-015
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

Source: CCN
Type: Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-045
Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)

Source: CCN
Type: Microsoft Security Bulletin MS06-057
Vulnerability in Windows Explorer Could Allow Remote Execution (923191)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-006
Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: BUGTRAQ
Type: UNKNOWN
20030911 LiuDieYu's missing files are here.

Source: CCN
Type: BID-9009
Microsoft Internet Explorer Mouse Click Event Hijacking Vulnerability

Source: SECTRACK
Type: UNKNOWN
1006036

Source: MS
Type: UNKNOWN
MS03-048

Source: XF
Type: UNKNOWN
ie-dragdrop-file-save(13679)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:368

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:369

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:370

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:371

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:372

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:588

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:733

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:368
    V
    IE v5.01,SP2 HijackClick Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:372
    V
    IE v6.0,SP1 HijackClick Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:369
    V
    IE v5.01,SP3 HijackClick Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:588
    V
    IE v6.0,SP1 (Server 2003) HijackClick Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:370
    V
    IE v5.01,SP4 HijackClick Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:733
    V
    IE v6.0 (XP) HijackClick Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:371
    V
    IE v5.5,SP2 HijackClick Vulnerability
    2014-02-24
    BACK
    microsoft internet explorer 5.0.1 sp1
    microsoft internet explorer 5.0.1 sp3
    microsoft internet explorer 5.5
    microsoft internet explorer 5.0.1 sp2
    microsoft internet explorer 5.5 sp1
    microsoft internet explorer 5.5 sp2
    microsoft internet explorer 5.0.1
    microsoft internet explorer 6.0
    microsoft ie 6.0 sp1
    microsoft ie 6.0
    microsoft ie 5.5 sp2
    microsoft ie 6.0 sp1
    microsoft ie 5.01 sp3
    microsoft ie 5.01 sp4
    microsoft ie 5.01 sp2