Microsoft Internet Explorer Implicit Drag and Drop File Installation Vulnerability

Microsoft Internet Explorer is reported prone to a vulnerability that may allow unauthorized installation of malicious executables. Proof-of-concept code has been released demonstrating that the vulnerability may be exploited to entice a user into installing a file on their own computer with some degree of user interaction.

Specifically, an executable may be embedded in a Web page and presented to the user as an image object. A second frame can be loaded that references a folder on the victim's file system via the anchorClick style behavior. The page is obfuscated so that the user does not realize that clicking on the image object implicitly drags it to the folder that has been specified.

It has been demonstrated that various other measures may be taken to reduce the amount of user interaction required, but the exploit hinges on the user interacting, via mouse events, with an object in the Web page that represents an executable, causing the executable to be moved to the folder loaded in the obfuscated secondary frame.

An attacker may exploit this vulnerability to influence a target victim into unknowingly installing software in a location on the computer such as the Startup folder. If the malicious executable is placed in the Startup folder, it will run when the system is restarted.

Copyright 2010, SecurityFocus