Microsoft Internet Explorer Drag-and-Drop code execution

By spoofing target window in race period it's possible to install malware in special folder. Vulnerability may be exploited for trojaning user's machine, but requires interaction.