Vulnerability in N/a
CVE-2006-3281
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequ…
EPSS: 0.627 (98.4th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 20060627 IE_ONE_MINOR_ONE_MAJOR (mailing-list, x_refsource_FULLDISC)
- 20825 (x_refsource_SECUNIA, third-party-advisory)
- VU#655100 (x_refsource_CERT-VN, third-party-advisory)
- 19389 (vdb-entry, x_refsource_BID)
- 1016388 (vdb-entry, x_refsource_SECTRACK)
- lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO… (x_refsource_MISC)
- TA06-220A (x_refsource_CERT, third-party-advisory)
- oval:org.mitre.oval:def:318 (signature, x_refsource_OVAL, vdb-entry)
- MS06-045 (x_refsource_MS, vendor-advisory)
- ie-hta-fileshare-command-execution(27456) (vdb-entry, x_refsource_XF)