Help
Quote
Websense Security Labs™ has received reports of a new Internet Explorer "zero-day" vulnerability which could allow the launching of code without consent from the end-user. The vulnerability...is similar to the "drag-and-drop" vulnerability that has been exploited in the past.
As the vulnerability outlines, a specially crafted website would have to dupe a user into dragging and dropping an item from one window to the other. Upon releasing the mouse in the newly focused window the code will run without consent.
As the vulnerability outlines, a specially crafted website would have to dupe a user into dragging and dropping an item from one window to the other. Upon releasing the mouse in the newly focused window the code will run without consent.
websensesecuritylabs.com
Internet Explorer Drag-and-Drop Redeux
Back to top
