CVE-2003-1027
First published: Thu Jan 08 2004(Updated: )
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6.0-sp1 | |
| Internet Explorer | =5.0 | |
| Internet Explorer | =5.0.1 | |
| Internet Explorer | =5.0.1-sp1 | |
| Internet Explorer | =5.0.1-sp2 | |
| Internet Explorer | =5.0.1-sp3 | |
| Internet Explorer | =5.5 | |
| Internet Explorer | =5.5-sp1 | |
| Internet Explorer | =5.5-sp2 | |
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/413886
- http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2
- http://www.us-cert.gov/cas/techalerts/TA04-033A.html
- http://www.securitytracker.com/id?1006036
- http://marc.info/?l=bugtraq&m=107038202225587&w=2
- http://marc.info/?l=bugtraq&m=106979479719446&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13844
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004
Frequently Asked Questions
What is the severity of CVE-2003-1027?
CVE-2003-1027 is rated as a medium severity vulnerability due to its potential for allowing unauthorized actions on users' windows.
How do I fix CVE-2003-1027?
To mitigate CVE-2003-1027, users should upgrade to a non-vulnerable version of Internet Explorer or apply security patches provided by Microsoft.
Which versions of Internet Explorer are affected by CVE-2003-1027?
CVE-2003-1027 affects Internet Explorer 5.0 through 6.0 SP1.
What kind of attack does CVE-2003-1027 enable?
CVE-2003-1027 allows remote attackers to exploit drag and drop behaviors and other mouse click actions across different windows.
Is there a workaround for CVE-2003-1027 if I cannot update my Internet Explorer?
As a workaround for CVE-2003-1027, users can disable JavaScript or use alternative browsers to prevent exploitation.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0-sp1
- canonical/internet explorer
- version/internet explorer/5.0
- version/internet explorer/5.0.1
- version/internet explorer/5.0.1-sp1
- version/internet explorer/5.0.1-sp2
- version/internet explorer/5.0.1-sp3
- version/internet explorer/5.5
- version/internet explorer/5.5-sp1
- version/internet explorer/5.5-sp2
- version/internet explorer/6.0