Vulnerability Description
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 6.0 |
| Microsoft | Internet Explorer | 5.0 |
References
- http://marc.info/?l=bugtraq&m=106979479719446&w=2
- http://marc.info/?l=bugtraq&m=107038202225587&w=2
- http://www.kb.cert.org/vuls/id/413886 (Third Party Advisory, US Government Resource)
- http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
- http://www.securitytracker.com/id?1006036
- http://www.us-cert.gov/cas/techalerts/TA04-033A.html (US Government Resource)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13844
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2003-1027?
CVE-2003-1027 is a vulnerability with a CVSS score of 10.0 (HIGH). Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.mov...
How severe is CVE-2003-1027?
CVE-2003-1027 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-1027?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer.