Описание
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-3281
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27456
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
- http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj
- http://secunia.com/advisories/20825
- http://securitytracker.com/id?1016388
- http://www.kb.cert.org/vuls/id/655100
- http://www.securityfocus.com/bid/19389
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- http://www.vupen.com/english/advisories/2006/2553
Связанные уязвимости
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.