Intrusion Prevention

MS.IE.Valid.File.DragDrop.Code.Embedded

Description

This indicates a possible exploit of a vulnerability in the drag-and-drop feature of Microsoft Internet Explorer.
The vulnerability is due to the application's failure to validate drag and drop events. An attacker may create a malicious web page and send it to a potential victim as an email or a web link. If the user visits the malicious web site or views the malicious e-mail message, the attacker may be able to save a file on the user's system and execute arbitrary code.

Affected Products

Microsoft Internet Explorer 5.01, 5.5, and 6

Impact

Compromised of the affected system.

Recommended Actions

Apply the security patch to the system as given in the Microsoft bulletins MS05-008 and MS05-014.

CVE References

CVE-2005-0053