CVE-2003-1027
Last modified
CVE-2003-1027 is a vulnerability of currently unknown severity. Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability.". EPSS estimates a 38.05% chance of exploitation in the next 30 days.
Description
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Ie | 6.0 | Sp1 |
| Microsoft | Internet Explorer | 5.0 | — |
| Microsoft | Internet Explorer | 5.0.1 | — |
| Microsoft | Internet Explorer | 5.5 | — |
| Microsoft | Internet Explorer | 6.0 | — |
References
- http://www.kb.cert.org/vuls/id/413886Third Party Advisory, US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA04-033A.htmlUS Government Resource
- http://www.kb.cert.org/vuls/id/413886Third Party Advisory, US Government Resource
- http://www.us-cert.gov/cas/techalerts/TA04-033A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2003-1027?
How severe is CVE-2003-1027?
How do I fix CVE-2003-1027?
Are you affected by CVE-2003-1027?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST