CVE-2003-1027

critical Microsoft
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
59.9%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: January 20, 2004 (8150 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."

CWE

NVD-CWE-Other

Affected Products

microsoft iemicrosoft internet explorer

References

🔗 marc.info 🔗 marc.info 🔗 www.kb.cert.org 🔗 www.safecenter.net 🔗 www.securitytracker.com