IE Drag and Drop exploit v1.10 Vulnerability exploited: CAN-2004-0839 - BID-10973 Category: Exploits/Client Side This module will listen HTTP requests from vulnerable clients and install a Level0 agent on them. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install a Level0 agent by sending a specially crafted HTML page which exploits the Internet Explorer Drag and Drop vulnerability. The exploit needs the user using the vulnerable browser client scrolling down the scrollbar in order to successfully install the level0 agent. A level0 agent executable file is installed in the startup folder when the vulnerability is exploited, so you will have to wait or induce the target machine to be rebooted in order to successfully connect the agent.You can force vulnerable clients to connect to the web server automatically by using this module to send them an specially designed e-mail to exploit this vulnerability if the client uses Outlook Express to read their mails.In order to successfully exploit this vulnerability, the outlook express option "Internet zone (Less secure, but more functional)" in "Options->SECURITY" must be enabled. By default this option comes disabled, if the victim receives the exploit's mail with this option disabled, he will see the following warning: "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly.". Supported Systems: Windows XP Professional - sp1 (i386) Windows XP Professional - sp2 (i386) Windows XP Home Edition - sp1 (i386) Windows XP Home Edition - sp2 (i386) This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.