Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html | mailing list |
| http://secunia.com/advisories/20825 | third party advisory, vendor advisory |
| http://www.kb.cert.org/vuls/id/655100 | third party advisory, US government resource |
| http://www.securityfocus.com/bid/19389 | VDB entry |
| http://securitytracker.com/id?1016388 | VDB entry |
| http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj | exploit |
| http://www.us-cert.gov/cas/techalerts/TA06-220A.html | third party advisory, US government resource |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318 | VDB entry, signature |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045 | vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27456 | VDB entry |
| http://www.vupen.com/english/advisories/2006/2553 | VDB entry, vendor advisory |