IE File Download Dialog VulnerabilityID: oval:org.mitre.oval:def:948 | Date: (C)2004-04-29 (M)2021-07-27 |
Class: VULNERABILITY | Family: windows |
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
Platform: |
Microsoft Windows 98 |
Microsoft Windows ME |
Microsoft Windows NT |
Microsoft Windows 2000 |
Product: |
Microsoft Internet Explorer |