Vulnerability Name: | CVE-2003-1027 (CCN-13679)
Assigned: | 2003-11-11
Published: | 2003-11-11
Updated: | 2021-07-23
Summary: | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: CCN Type: BugTraq Mailing List, Wed Sep 10 2003 - 00:19:33 CDT MSIE->HijackClick: 1+1=2
Source: MITRE Type: CNA CVE-2003-0823
Source: MITRE Type: CNA CVE-2003-1027
Source: BUGTRAQ Type: UNKNOWN 20031125 HijackClickV2 - a successor of HijackClick attack
Source: BUGTRAQ Type: UNKNOWN 20031201 Comments on 5 IE vulnerabilities
Source: CCN Type: SA10192 Microsoft Internet Explorer Multiple Vulnerabilities
Source: CCN Type: SECTRACK ID: 1006036 Microsoft Internet Explorer May Let Remote Users Read or Write Files Via the dragDrop() Method
Source: CCN Type: CIAC Information Bulletin O-021 Microsoft Cumulative Security Update for Internet Explorer
Source: CCN Type: CIAC Information Bulletin O-068 Microsoft Internet Explorer Cumulative Patch [Microsoft Security Bulletin MS04-004]
Source: CCN Type: US-CERT VU#413886 Microsoft Internet Explorer allows mouse events to manipulate window objects and perform drag and drop operations
Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#413886
Source: CCN Type: Microsoft Security Bulletin MS03-048 Cumulative Security Update for Internet Explorer (832894)
Source: CCN Type: Microsoft Security Bulletin MS04-004 Cumulative Security Update for Internet Explorer (832894)
Source: CCN Type: Microsoft Security Bulletin MS04-025 Cumulative Security Update for Internet Explorer (867801)
Source: CCN Type: Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707)
Source: CCN Type: Microsoft Security Bulletin MS04-040 Cumulative Security Update for Internet Explorer (889293)
Source: CCN Type: Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
Source: CCN Type: Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282)
Source: CCN Type: Microsoft Security Bulletin MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)
Source: CCN Type: Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923)
Source: CCN Type: Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer (883939)
Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727)
Source: CCN Type: Microsoft Security Bulletin MS05-049 Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688)
Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915)
Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620)
Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812)
Source: CCN Type: Microsoft Security Bulletin MS06-015 Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281)
Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899)
Source: CCN Type: Microsoft Security Bulletin MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
Source: CCN Type: Microsoft Security Bulletin MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760)
Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454)
Source: CCN Type: Microsoft Security Bulletin MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)
Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090)
Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768)
Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566)
Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143)
Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653)
Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615)
Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533)
Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864)
Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759)
Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838)
Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390)
Source: MISC Type: UNKNOWN http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
Source: CCN Type: BID-9009 Microsoft Internet Explorer Mouse Click Event Hijacking Vulnerability
Source: SECTRACK Type: UNKNOWN 1006036
Source: CERT Type: US Government Resource TA04-033A
Source: MS Type: UNKNOWN MS04-004
Source: XF Type: UNKNOWN ie-dragdrop-file-save(13679)
Source: XF Type: UNKNOWN ie-method-perform-actions(13844)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:527
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:529
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:530
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:531
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:532
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:534
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:629
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: