also @ TechSpot: IBM's Watson conquers Jeopardy, cancer and now customer service

dragDrop invocation IE vulnerability

By Thomas McGuire

On February 12, 2003, 3:10 PM

We already knew pressing the back button on IE is dangerous
(http://online.securityfocus.com/archive/1/267561) So it wont come as a total shock that so is clicking a link :) The problem lies in the dragdrop method that was added as a method on nearly all HTML elements in ie5.5 This method makes any element act like its being dragged. It is possible to abuse this behaviour to drop text in a html upload control thus allowing you to read any file from an unsuspecting users harddisk.

Would you like to know more? Thanks PivX.

No tags on this story

Post a comment

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Smartphones

Downloads and Drivers

Downloads   Drivers  

IObit Malware Fighter 2.0

Instantbird 1.4

BitTorrent Sync 1.0.134

Spybot - Search & Destroy 2.1.19

Google Chrome for Windows 27.0.1453.93

More Downloads

Latest Discussion

Which is the best smartphone to buy? 23 replies on Mobile Computing

Screen saver stop working after installing Norton 8 replies on Software Apps

External hard drive not showing up on my MacBook Pro 29 replies on Storage and Networking

How do I begin to build a custom computer? 13 replies on Other Hardware

Keyboard/Mouse Problems 5 replies on Other Hardware

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.