CVE-2003-0309 - Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions an

CVE-2003-0309

Summary

Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 23-07-2021 - 15:02)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2014-02-24T04:03:28.466-05:00

class

vulnerability

contributors

name Tiffany Bergeron
organization The MITRE Corporation
name Harvey Rubinovitz
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

family

windows

oval:org.mitre.oval:def:948

status

accepted

submitted

2004-04-29T12:00:00.000-04:00

title

IE File Download Dialog Vulnerability

version

refmap via4

bid	7539
bugtraq	20030508 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL] 20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
cert-vn	VU#251788
ntbugtraq	20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
secunia	8807
xf	ie-frame-restrictions-bypass(12019)

Last major update

23-07-2021 - 15:02

Published

09-06-2003 - 04:00

Last modified

23-07-2021 - 15:02