Race Condition Vulnerability in Microsoft Internet Explorer: Arbitrary File Overwrite and Code Execution via User-Assisted Drag-and-Drop Action

CVE-2005-3240 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.

Learn more about our User Device Pen Test.