CVE Reference: CVE-2006-3281

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3281

Description: Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.

CVE Status: Candidate

References:
XF: http://xforce.iss.net/xforce/xfdb/27456
ST: 1016388
SAID: Secunia Advisory: SA20825
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:318
MS: http://www.microsoft.com/technet/security/Bulletin/MS06-045.mspx
MISC: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj
FULLDISC: http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
CERT-VN: 655100
CERT: http://www.us-cert.gov/cas/techalerts/TA06-220A.html
BID: 19389