Vulnerabilities > CVE-2003-1027 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 |
Oval
accepted 2014-02-24T04:03:21.798-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." family windows id oval:org.mitre.oval:def:527 status accepted submitted 2004-02-03T12:00:00.000-04:00 title IE v5.01,SP2 Function Pointer Drag and Drop Vulnerability version 68 accepted 2014-02-24T04:03:21.885-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." family windows id oval:org.mitre.oval:def:529 status accepted submitted 2004-02-03T12:00:00.000-04:00 title IE v5.01,SP3 Function Pointer Drag and Drop Vulnerability version 68 accepted 2014-02-24T04:03:21.956-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." family windows id oval:org.mitre.oval:def:530 status accepted submitted 2004-02-03T12:00:00.000-04:00 title IE v5.01,SP4 Function Pointer Drag and Drop Vulnerability version 68 accepted 2014-02-24T04:03:22.035-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." family windows id oval:org.mitre.oval:def:531 status accepted submitted 2004-02-03T12:00:00.000-04:00 title IE v5.5,SP2 Function Pointer Drag and Drop Vulnerability version 66 accepted 2014-02-24T04:03:22.205-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." family windows id oval:org.mitre.oval:def:532 status accepted submitted 2004-02-03T05:00:00.000-04:00 title IE v6.0 Function Pointer Drag and Drop Vulnerability version 67 accepted 2014-02-24T04:03:22.343-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." family windows id oval:org.mitre.oval:def:534 status accepted submitted 2004-02-03T12:00:00.000-04:00 title IE v6.0,SP1 Function Pointer Drag and Drop Vulnerability version 68 accepted 2014-02-24T04:03:24.754-05:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." family windows id oval:org.mitre.oval:def:629 status accepted submitted 2004-02-03T12:00:00.000-04:00 title IE v6.0,SP1 (Server 2003) Function Pointer Drag and Drop Vulnerability version 69
References
- http://www.kb.cert.org/vuls/id/413886
- http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
- http://www.us-cert.gov/cas/techalerts/TA04-033A.html
- http://www.securitytracker.com/id?1006036
- http://marc.info/?l=bugtraq&m=107038202225587&w=2
- http://marc.info/?l=bugtraq&m=106979479719446&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13844
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004