http-equiv has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to insufficient validation of drag and drop events issued from the "Internet" zone to local resources. This can be exploited by a malicious website to e.g. plant an arbitrary executable file in a user's startup folder, which will get executed the next time Windows starts up.

http-equiv has posted a PoC (Proof of Concept), which plants a program in the startup directory when a user drags a program masqueraded as an image.

mikx has posted a similar PoC, which plants a program in the startup directory when a user uses the scrollbar.

Andreas Sandblad, Secunia Research, has developed a PoC, which only requires a single click on systems running Windows XP SP1.

This vulnerability is a variant of an issue discovered by Liu Die Yu.
SA9711

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.

NOTE: The vulnerability is actively being exploited in the wild.

Solution
Microsoft has issued patches (see vendor advisory or SA12806).

Provided and/or discovered by
Discovered by:
http-equiv

Another PoC provided by:
mikx

Single Click PoC developed by:
Andreas Sandblad, Secunia Research.

Changelog
Further details available in Customer Area

Original Advisory
Microsoft:
http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area