Microsoft Internet Explorer 9 and previous versions do not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote malicious users to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.

Vulnerable Product |
---|
microsoft internet explorer 8 |
microsoft internet explorer 5 |
microsoft ie 9 |
microsoft internet explorer 7 |
microsoft internet explorer 6 |
microsoft internet explorer 3.0 |
microsoft internet explorer 4.0 |
microsoft internet explorer |