Drag and Drop Information Disclosure Vulnerability in Microsoft Internet Explorer 6-8

Drag and Drop Information Disclosure Vulnerability in Microsoft Internet Explorer 6-8

CVE-2011-1258 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."

Learn more about our Web App Pen Testing.