• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Implicit Drag and Drop File Installation Vulnerability

Solution:
Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Customers are advised to follow Microsoft.s guidance for applying patches. Please see the referenced Avaya advisory at the following location for further details:

http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

** UPDATE: The previous bulletin MS04-004 has been superseded with bulletins MS05-008 and MS05-014. These bulletins contain new fixes for Internet Explorer and the operating system. Users are advised to apply these new updates.

Nortel Networks has released security advisory 2005005511-2 acknowledging this issue. Please the referenced advisory for further information.


Microsoft Windows XP Media Center Edition SP2

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows XP Tablet PC Edition SP1

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows XP Tablet PC Edition SP2

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows XP Media Center Edition SP1

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

• Microsoft Security Update for Windows Server 2003 64-bit/Windows XP 64-bit, Version 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=9EE7FF53-20EC -4B75-A255-72DD0AB52FF3&displaylang=en

Microsoft Internet Explorer 6.0 SP1

• Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows 98, Windows NT and Wi
  For Microsoft Windows 98, Windows 98 Second Edition, Windows ME, and Windows NT4 Server.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=DE8D94C4-7F58 -4CE7-B8BD-51CFD795B03E&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows XP and Windows 2000 (
  For Microsoft Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP, and Windows XP Service Pack 1.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7C1404E6-F5D4 -4FED-9573-DD83F2DFF074&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 6 SP1 64-bit Edition (KB834707)
  For Microsoft Windows XP SP1 64-bit.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C05103E8-4402 -4D54-BA03-FBBC24142E4D&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB834707)
  For Microsoft Windows Server 2003 Family.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=19E69E5F-9C98 -49AD-A61F-4F82A4014412&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB834707)
  For Microsoft Windows Server 2003 Family (64-bit).
  http://www.microsoft.com/downloads/details.aspx?FamilyId=566C2A05-2513 -4E30-A3EA-87D4BF7F9730&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows XP/2000 (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=E473CD05-3320 -4322-B437-F3A61E62F567


• Microsoft Cumulative Security Update for Internet Explorer 6 SP1 64-bit Edition (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7EAE62C0-3DA0 -4BAC-B2FE-ECE89959053D

Microsoft Windows Server 2003 Standard Edition

• Microsoft Security Update for Windows Server 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0 -42A6-844B-F80D6168E25E

Microsoft Internet Explorer 6.0

• Microsoft Cumulative Security Update for Internet Explorer 6 (KB834707)
  For Windows XP.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=A89CFBE8-C299 -415D-A9D6-7CC6429C547D&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB834707)
  For Microsoft Windows Server 2003 Family.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=19E69E5F-9C98 -49AD-A61F-4F82A4014412&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB834707)
  For Microsoft Windows Server 2003 Family (64-bit).
  http://www.microsoft.com/downloads/details.aspx?FamilyId=566C2A05-2513 -4E30-A3EA-87D4BF7F9730&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4DC0FE8A-9D03 -4AB8-8EAF-C85FF25CB1A2


• Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB867282)
  http://www.microsoft.com/downloads/details.aspx?familyid=E3C4DA1F-6FA2 -4A2B-A6D9-24B599C353B3&displaylang=en

Microsoft Internet Explorer 5.5 SP2

• Microsoft Cumulative Security Update for Internet Explorer 5.5 Service Pack 2 (KB834707) - English
  For Microsft Windows Millennium Edition.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=BE27F77C-3C2D -45F1-86DF-2B71799DA169&displaylang=en

Microsoft Windows XP 64-bit Edition SP1

• Microsoft Security Update for Windows XP 64-bit Edition (KB890047)
  May also be applicable to Windows XP 64-Edition SP0 - Microsoft does not specify.
  http://www.microsoft.com/downloads/details.aspx?familyid=B6DAA99A-6E0B -477D-99E9-5237BCF57762&displaylang=en

Microsoft Windows 2000 Advanced Server SP4

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows 2000 Professional SP3

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition

• Microsoft Security Update for Windows Server 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0 -42A6-844B-F80D6168E25E

Microsoft Windows XP Home SP2

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows Server 2003 Web Edition

• Microsoft Security Update for Windows Server 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0 -42A6-844B-F80D6168E25E

Microsoft Windows 2000 Advanced Server SP3

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows XP Home SP1

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows 2000 Server SP3

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows XP 64-bit Edition Version 2003

• Microsoft Security Update for Windows Server 2003 64-bit/Windows XP 64-bit, Version 2003 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=9EE7FF53-20EC -4B75-A255-72DD0AB52FF3&displaylang=en

Microsoft Windows XP Professional SP2

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Windows 2000 Server SP4

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows 2000 Professional SP4

• Microsoft Security Update for Windows 2000 (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4 -4462-A0D2-E88D38DEF807&displaylang=en

Microsoft Windows XP Professional SP1

• Microsoft Security Update for Windows XP (KB890047)
  http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B -4F91-A860-2C35A025A907&displaylang=en

Microsoft Internet Explorer 5.0.1 SP4

• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB834707)
  For Windows 2000 Service Pack 4.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=72DBE239-AF0A -42B5-B88C-A00371F6EC81&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2CBB4B-2F00 -4CD6-BB98-AD14A48B53C0

Microsoft Internet Explorer 5.0.1 SP3

• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB834707)
  For Windows 2000 Service Pack 3.
  http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8E8E97-4946 -4994-924B-1FB1DC1881BA&displaylang=en


• Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB867282)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=34F5BCDE-4EE2 -4EFD-BB60-F5A6BC5F56D1