Vulnerability Name: | CVE-2003-0823 (CCN-13679) | ||||||||||||||||||||||||||||||||
Assigned: | 2003-11-11 | ||||||||||||||||||||||||||||||||
Published: | 2003-11-11 | ||||||||||||||||||||||||||||||||
Updated: | 2021-07-23 | ||||||||||||||||||||||||||||||||
Summary: | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||
References: | Source: CCN Type: BugTraq Mailing List, Wed Sep 10 2003 - 00:19:33 CDT MSIE->HijackClick: 1+1=2 Source: MITRE Type: CNA CVE-2003-0823 Source: MITRE Type: CNA CVE-2003-1027 Source: BUGTRAQ Type: UNKNOWN 20030910 MSIE->HijackClick: 1+1=2 Source: CCN Type: SA10192 Microsoft Internet Explorer Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 10192 Source: CCN Type: SECTRACK ID: 1006036 Microsoft Internet Explorer May Let Remote Users Read or Write Files Via the dragDrop() Method Source: CCN Type: CIAC Information Bulletin O-021 Microsoft Cumulative Security Update for Internet Explorer Source: CCN Type: CIAC Information Bulletin O-068 Microsoft Internet Explorer Cumulative Patch [Microsoft Security Bulletin MS04-004] Source: CCN Type: US-CERT VU#413886 Microsoft Internet Explorer allows mouse events to manipulate window objects and perform drag and drop operations Source: CERT-VN Type: US Government Resource VU#413886 Source: CCN Type: Microsoft Security Bulletin MS03-048 Cumulative Security Update for Internet Explorer (832894) Source: CCN Type: Microsoft Security Bulletin MS04-004 Cumulative Security Update for Internet Explorer (832894) Source: CCN Type: Microsoft Security Bulletin MS04-025 Cumulative Security Update for Internet Explorer (867801) Source: CCN Type: Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707) Source: CCN Type: Microsoft Security Bulletin MS04-040 Cumulative Security Update for Internet Explorer (889293) Source: CCN Type: Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) Source: CCN Type: Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282) Source: CCN Type: Microsoft Security Bulletin MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) Source: CCN Type: Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923) Source: CCN Type: Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer (883939) Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727) Source: CCN Type: Microsoft Security Bulletin MS05-049 Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688) Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-015 Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) Source: CCN Type: Microsoft Security Bulletin MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: BUGTRAQ Type: UNKNOWN 20030911 LiuDieYu's missing files are here. Source: CCN Type: BID-9009 Microsoft Internet Explorer Mouse Click Event Hijacking Vulnerability Source: SECTRACK Type: UNKNOWN 1006036 Source: MS Type: UNKNOWN MS03-048 Source: XF Type: UNKNOWN ie-dragdrop-file-save(13679) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:368 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:369 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:370 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:371 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:372 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:588 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:733 | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |