Cross-Zone Drag-and-Drop Vulnerability in Microsoft Internet Explorer
CVE-2011-2382
Currently unrated
Summary
Microsoft Internet Explorer versions 8 and earlier, as well as the Internet Explorer 9 beta, do not properly restrict drag-and-drop actions across different security zones. User-assisted remote attackers can exploit this flaw to read sensitive cookie files through crafted IFRAME elements containing file: URLs. The issue affects user privacy and security, particularly in relation to cookiejacking attacks.
EPSS Score
34% chance of being exploited in the next 30 days.
Timeline
Vulnerability Reserved
Vulnerability published