Intrusion Prevention

MS.IE.Implicit.Drag.And.Drop.File.Installation

Description

This indicates an attack attempt to exploit an Implicit Drag and Drop vulnerability in Microsoft Internet Explorer.
The vulnerability is located in "Img" object. A remote attacker can entice a legitimate user to access a malicious web page, which can bypass zone restrictions, and inject and execute arbitrary programs.

Affected Products

Nortel Networks Symposium Web Client
Nortel Networks Symposium Web Center Portal (SWCP)
Nortel Networks Optivity Telephony Manager (OTM)
Nortel Networks Mobile Voice Client 2050
Nortel Networks IP softphone 2050
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 6.0 SP2 - do not use
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5
Avaya S8100 Media Servers
Avaya S3400 Message Application Server
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya IP600 Media Servers
Avaya DefinityOne Media Servers

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Microsoft Windows XP Media Center Edition SP2
Microsoft Security Update for Windows XP (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B-4F91-A860-2C35A025A907&displaylang=en
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Security Update for Windows XP (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B-4F91-A860-2C35A025A907&displaylang=en
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Security Update for Windows XP (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B-4F91-A860-2C35A025A907&displaylang=en
Microsoft Windows XP Media Center Edition SP1
Microsoft Security Update for Windows XP (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B-4F91-A860-2C35A025A907&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Security Update for Windows Server 2003 64-bit/Windows XP 64-bit, Version 2003 (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=9EE7FF53-20EC-4B75-A255-72DD0AB52FF3&displaylang=en
Microsoft Internet Explorer 6.0 SP1
Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows 98, Windows NT and Wi
For Microsoft Windows 98, Windows 98 Second Edition, Windows ME, and Windows NT4 Server.
http://www.microsoft.com/downloads/details.aspx?FamilyId=DE8D94C4-7F58-4CE7-B8BD-51CFD795B03E&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows XP and Windows 2000 (
For Microsoft Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows XP, and Windows XP Service Pack 1.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7C1404E6-F5D4-4FED-9573-DD83F2DFF074&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 64-bit Edition (KB834707)
For Microsoft Windows XP SP1 64-bit.
http://www.microsoft.com/downloads/details.aspx?FamilyId=C05103E8-4402-4D54-BA03-FBBC24142E4D&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB834707)
For Microsoft Windows Server 2003 Family.
http://www.microsoft.com/downloads/details.aspx?FamilyId=19E69E5F-9C98-49AD-A61F-4F82A4014412&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB834707)
For Microsoft Windows Server 2003 Family (64-bit).
http://www.microsoft.com/downloads/details.aspx?FamilyId=566C2A05-2513-4E30-A3EA-87D4BF7F9730&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows XP/2000 (KB867282)
http://www.microsoft.com/downloads/details.aspx?FamilyId=E473CD05-3320-4322-B437-F3A61E62F567
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 64-bit Edition (KB867282)
http://www.microsoft.com/downloads/details.aspx?FamilyId=7EAE62C0-3DA0-4BAC-B2FE-ECE89959053D
Microsoft Internet Explorer 6.0 SP2- do not use
Microsoft Cumulative Security Update for Internet Explorer for XP Service Pack 2 (KB834707)
For Microsoft Windows XP Service Pack 2.
http://www.microsoft.com/downloads/details.aspx?FamilyId=CF47B515-3F51-43E1-9246-2C2264C49E2E&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer for XP Service Pack 2 (KB867282)
http://www.microsoft.com/downloads/details.aspx?FamilyId=82056EAB-8367-4B04-A11A-1002D14EB55B
Microsoft Windows Server 2003 Standard Edition
Microsoft Security Update for Windows Server 2003 (KB890047)
http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0-42A6-844B-F80D6168E25E
Microsoft Internet Explorer 6.0
Microsoft Cumulative Security Update for Internet Explorer 6 (KB834707)
For Windows XP.
http://www.microsoft.com/downloads/details.aspx?FamilyId=A89CFBE8-C299-415D-A9D6-7CC6429C547D&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB834707)
For Microsoft Windows Server 2003 Family.
http://www.microsoft.com/downloads/details.aspx?FamilyId=19E69E5F-9C98-49AD-A61F-4F82A4014412&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB834707)
For Microsoft Windows Server 2003 Family (64-bit).
http://www.microsoft.com/downloads/details.aspx?FamilyId=566C2A05-2513-4E30-A3EA-87D4BF7F9730&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB867282)
http://www.microsoft.com/downloads/details.aspx?FamilyId=4DC0FE8A-9D03-4AB8-8EAF-C85FF25CB1A2
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB867282)
http://www.microsoft.com/downloads/details.aspx?familyid=E3C4DA1F-6FA2-4A2B-A6D9-24B599C353B3&displaylang=en
Microsoft Internet Explorer 5.5 SP2
Microsoft Cumulative Security Update for Internet Explorer 5.5 Service Pack 2 (KB834707) - English
For Microsft Windows Millennium Edition.
http://www.microsoft.com/downloads/details.aspx?FamilyId=BE27F77C-3C2D-45F1-86DF-2B71799DA169&displaylang=en
Microsoft Windows XP 64-bit Edition SP1
Microsoft Security Update for Windows XP 64-bit Edition (KB890047)
May also be applicable to Windows XP 64-Edition SP0 - Microsoft does not specify.
http://www.microsoft.com/downloads/details.aspx?familyid=B6DAA99A-6E0B-477D-99E9-5237BCF57762&displaylang=en
Microsoft Windows 2000 Advanced Server SP4
Microsoft Security Update for Windows 2000 (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807&displaylang=en
Microsoft Windows 2000 Professional SP3
Microsoft Security Update for Windows 2000 (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Security Update for Windows Server 2003 (KB890047)
http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0-42A6-844B-F80D6168E25E
Microsoft Windows XP Home SP2
Microsoft Security Update for Windows XP (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B-4F91-A860-2C35A025A907&displaylang=en
Microsoft Windows Server 2003 Web Edition
Microsoft Security Update for Windows Server 2003 (KB890047)
http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0-42A6-844B-F80D6168E25E
Microsoft Windows 2000 Advanced Server SP3
Microsoft Security Update for Windows 2000 (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807&displaylang=en
Microsoft Windows XP Home SP1
Microsoft Security Update for Windows XP (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B-4F91-A860-2C35A025A907&displaylang=en
Microsoft Windows 2000 Server SP3
Microsoft Security Update for Windows 2000 (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Security Update for Windows Server 2003 64-bit/Windows XP 64-bit, Version 2003 (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=9EE7FF53-20EC-4B75-A255-72DD0AB52FF3&displaylang=en
Microsoft Windows XP Professional SP2
Microsoft Security Update for Windows XP (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B-4F91-A860-2C35A025A907&displaylang=en
Microsoft Windows 2000 Server SP4
Microsoft Security Update for Windows 2000 (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807&displaylang=en
Microsoft Windows 2000 Professional SP4
Microsoft Security Update for Windows 2000 (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807&displaylang=en
Microsoft Windows XP Professional SP1
Microsoft Security Update for Windows XP (KB890047)
http://www.microsoft.com/downloads/details.aspx?familyid=865B5D9D-FC5B-4F91-A860-2C35A025A907&displaylang=en
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB834707)
For Windows 2000 Service Pack 4.
http://www.microsoft.com/downloads/details.aspx?FamilyId=72DBE239-AF0A-42B5-B88C-A00371F6EC81&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB867282)
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2CBB4B-2F00-4CD6-BB98-AD14A48B53C0
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB834707)
For Windows 2000 Service Pack 3.
http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8E8E97-4946-4994-924B-1FB1DC1881BA&displaylang=en
Microsoft Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB867282)
http://www.microsoft.com/downloads/details.aspx?FamilyId=34F5BCDE-4EE2-4EFD-BB60-F5A6BC5F56D1

CVE References

CVE-2004-0839