Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0309


Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0309
Last Modified 07 Mar 2011 09:12:26
Published 09 Jun 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."

Vulnerable Systems


  • Microsoft Ie 6.0.2800


CERT-VN - VU#251788

XF - ie-frame-restrictions-bypass(12019)

BID - 7539

MS - MS03-020

SECUNIA - 8807

NTBUGTRAQ - 20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED

BUGTRAQ - 20030508 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]

Last Updated: 27 May 2016 10:37:52