Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0309

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0309
Last Modified 07 Mar 2011 09:12:26
Published 09 Jun 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0309

Summary

Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 6.0.2800


References

CERT-VN - VU#251788

XF - ie-frame-restrictions-bypass(12019)

BID - 7539

MS - MS03-020

SECUNIA - 8807

NTBUGTRAQ - 20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED

BUGTRAQ - 20030508 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]


Last Updated: 27 May 2016 10:37:52