MS: Information on New IE 0day


I wanted to take a second to discuss a recent posting of a security issue to some mailing lists. Matt Murphy, a well-known security researcher, posted an alert today regarding a “drag and drop” issue affecting Windows. I actually handled this case and worked with Matt. We’ve been working with Matt for quite some time on this issue, and I want to thank him for working with us. We’ve had some long Instant Messenger sessions and E-mail threads while we worked together to understand the issue.

To provide some insight on this issue, it is different from past drag-and-drop issues like MS05-014. For example, the issue fixed by MS05-014 could be exploited by taking a “drag-and-drop” action within IE, like using the scrollbar. This issue is different. In working with Matt and our internal teams we found this issue has very exact and specific requirements. It is only problematic in specific circumstances that require the user to take a specific action timed very precisely.

Welcome to the Microsoft Security Response Center Blog! : Information on IE Drag and Drop Issue

Linked by shanmuga Tuesday, 14th February 2006 6:35AM