ID CVE-2003-1027
Summary Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
References
Vulnerable Configurations
  • Microsoft Internet Explorer 5.0
    cpe:2.3:a:microsoft:ie:5.0
  • Microsoft Internet Explorer 5.0.1
    cpe:2.3:a:microsoft:ie:5.0.1
  • Microsoft Internet Explorer 5.0.1 SP1
    cpe:2.3:a:microsoft:ie:5.0.1:sp1
  • Microsoft Internet Explorer 5.0.1 SP2
    cpe:2.3:a:microsoft:ie:5.0.1:sp2
  • Microsoft Internet Explorer 5.0.1 SP3
    cpe:2.3:a:microsoft:ie:5.0.1:sp3
  • Microsoft Internet Explorer 5.5
    cpe:2.3:a:microsoft:ie:5.5
  • Microsoft Internet Explorer 5.5 SP1
    cpe:2.3:a:microsoft:ie:5.5:sp1
  • Microsoft Internet Explorer 5.5 SP2
    cpe:2.3:a:microsoft:ie:5.5:sp2
  • Microsoft Internet Explorer 6.0
    cpe:2.3:a:microsoft:ie:6.0
  • Microsoft Internet Explorer 6.0 SP1
    cpe:2.3:a:microsoft:ie:6.0:sp1
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
oval via4
  • accepted 2014-02-24T04:03:21.798-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:527
    status accepted
    submitted 2004-02-03T12:00:00.000-04:00
    title IE v5.01,SP2 Function Pointer Drag and Drop Vulnerability
    version 67
  • accepted 2014-02-24T04:03:21.885-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:529
    status accepted
    submitted 2004-02-03T12:00:00.000-04:00
    title IE v5.01,SP3 Function Pointer Drag and Drop Vulnerability
    version 67
  • accepted 2014-02-24T04:03:21.956-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:530
    status accepted
    submitted 2004-02-03T12:00:00.000-04:00
    title IE v5.01,SP4 Function Pointer Drag and Drop Vulnerability
    version 67
  • accepted 2014-02-24T04:03:22.035-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:531
    status accepted
    submitted 2004-02-03T12:00:00.000-04:00
    title IE v5.5,SP2 Function Pointer Drag and Drop Vulnerability
    version 65
  • accepted 2014-02-24T04:03:22.205-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:532
    status accepted
    submitted 2004-02-03T05:00:00.000-04:00
    title IE v6.0 Function Pointer Drag and Drop Vulnerability
    version 66
  • accepted 2014-02-24T04:03:22.343-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:534
    status accepted
    submitted 2004-02-03T12:00:00.000-04:00
    title IE v6.0,SP1 Function Pointer Drag and Drop Vulnerability
    version 67
  • accepted 2014-02-24T04:03:24.754-05:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
    family windows
    id oval:org.mitre.oval:def:629
    status accepted
    submitted 2004-02-03T12:00:00.000-04:00
    title IE v6.0,SP1 (Server 2003) Function Pointer Drag and Drop Vulnerability
    version 68
refmap via4
bugtraq
  • 20031125 HijackClickV2 - a successor of HijackClick attack
  • 20031201 Comments on 5 IE vulnerabilities
cert TA04-033A
cert-vn VU#413886
misc http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
ms MS04-004
sectrack 1006036
xf ie-method-perform-actions(13844)
Last major update 17-10-2016 - 22:39
Published 20-01-2004 - 00:00
Last modified 12-10-2018 - 17:33