CVE-2005-3240Race Condition in Microsoft IE

CWE-362Race Condition3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
10.4%
top 6.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 31
Latest updateMay 1

Description

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/internet_explorer5.01, 5.5, 6.0+2
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-6h76-2q8f-58j3: Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user2022-05-01
CVEList
CVE-2005-3240: Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user2006-02-14
CVE-2005-3240 — Race Condition in Microsoft IE | cvebase