CVE-2005-3240 - Vulnerability Details - OpenCVE

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Ie Internet Explorer

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp3::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

No data.

References

Link	Providers
http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx
http://secunia.com/advisories/18787
http://securitytracker.com/id?1015049
http://www.osvdb.org/2707
http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html
http://www.securityfocus.com/archive/1/424863/100/0/threaded
http://www.securityfocus.com/archive/1/424940/100/0/threaded
http://www.securityfocus.com/bid/16352
http://www.vupen.com/english/advisories/2006/0553
https://exchange.xforce.ibmcloud.com/vulnerabilities/24648

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-14T11:00:00

Updated: 2024-08-07T23:01:59.076Z

Reserved: 2005-10-17T00:00:00

Link: CVE-2005-3240

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-12-31T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-3240

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-13T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060213 Internet Explorer drag&drop 0day", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"}, {"name": "ADV-2006-0553", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0553"}, {"name": "18787", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18787"}, {"name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"}, {"name": "16352", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16352"}, {"name": "ie-dragdrop-variant(24648)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"}, {"name": "1015049", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015049"}, {"name": "2707", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/2707"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3240", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060213 Internet Explorer drag&drop 0day", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"}, {"name": "ADV-2006-0553", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0553"}, {"name": "18787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18787"}, {"name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"}, {"name": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html", "refsource": "MISC", "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"}, {"name": "16352", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16352"}, {"name": "ie-dragdrop-variant(24648)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"}, {"name": "1015049", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015049"}, {"name": "2707", "refsource": "OSVDB", "url": "http://www.osvdb.org/2707"}, {"name": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx", "refsource": "MISC", "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:01:59.076Z"}, "title": "CVE Program Container", "references": [{"name": "20060213 Internet Explorer drag&drop 0day", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"}, {"name": "ADV-2006-0553", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0553"}, {"name": "18787", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18787"}, {"name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"}, {"name": "16352", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16352"}, {"name": "ie-dragdrop-variant(24648)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"}, {"name": "1015049", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015049"}, {"name": "2707", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/2707"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3240", "datePublished": "2006-02-14T11:00:00", "dateReserved": "2005-10-17T00:00:00", "dateUpdated": "2024-08-07T23:01:59.076Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window."}], "id": "CVE-2005-3240", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2005-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18787"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015049"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/2707"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16352"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0553"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/2707"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16352"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}