When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

HijackClick 3 Exploit for Internet Explorer

Thanks to Rafael for bringing this to my attention

The HijackClick series have been used to force a drag and drop event simply from the user clicking a something. This is done by moving the window when nmousedown fires. Previously, window.moveBy/To has been used.

Microsoft patched MSHTML.DLL and IEXPLORE.EXE but failed to patch the show() function method cache part too. Meaning that exploiters can make it show the popup on loading of the main window, move the popup and show a favorites list on mousedown, and set a timer to hide the favorites list and taunt the victim who just got tricked into adding a link of our choice to their favorites list.

Another day and another Internet Explorer vulnerability.

View: HijackClick 3 Exploit - See for yourself

View: Information on HijackClick 3 at BugTraq

View: Firefox - the browser, reloaded

News source: SecurityFocus

Report a problem with article
Next Article

Gmail Vulnerability Reported

Previous Article

Uninstall Messenger 1.0.0