Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2007-5456
Last Modified: 05 Sep 2008 05:30:49
Published: 14 Oct 2007 02:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5456

Summary

Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism.

Vulnerable Systems

Application

  • Microsoft IE 7


References

BID - 26062

BUGTRAQ - 20071015 Re: RE: playing for fun with <=IE7

BUGTRAQ - 20071015 RE: playing for fun with <=IE7

BUGTRAQ - 20071013 RE: playing for fun with <=IE7

BUGTRAQ - 20071012 playing for fun with <=IE7

SREASON - 3222


Last Updated: 27 May 2016 10:46:10