'Drag-and-Drop' IE flaw persists

InternetNews | by Mike

Microsoft officials confirmed the existence of two vulnerabilities in Internet Explorer 6.0 that affect all versions of Windows, including Windows XP Service Pack 2. It's a continuation of the "drag-and-drop" flaw that security officials at Microsoft have spent more than two months fixing.

The first vulnerability is caused by insufficient validation of drag-and-drop events from the "Internet Zone" to the "Local Computer" zone, the report states. Images or files downloaded by a user can carry embedded HTML code containing arbitrary scripts and so bypass the security measures in place.