CVE-2003-0309 - Unspecified vulnerability in Microsoft Internet Explorer 6.0.2800
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Internet Explorer 5/6 file:// Request Zone Bypass Vulnerability. CVE-2003-0309. Remote exploit for windows platform |
id | EDB-ID:22575 |
last seen | 2016-02-02 |
modified | 2003-05-09 |
published | 2003-05-09 |
reporter | Marek Bialoglowy |
source | https://www.exploit-db.com/download/22575/ |
title | Microsoft Internet Explorer 5/6 - file:// Request Zone Bypass Vulnerability |
Oval
accepted | 2014-02-24T04:03:28.466-05:00 |
class | vulnerability |
contributors |
description | Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:948 |
status | accepted |
submitted | 2004-04-29T12:00:00.000-04:00 |
title | IE File Download Dialog Vulnerability |
version | 67 |
References
- http://www.kb.cert.org/vuls/id/251788
- http://www.securityfocus.com/bid/7539
- http://secunia.com/advisories/8807
- http://marc.info/?l=bugtraq&m=105249399103214&w=2
- http://marc.info/?l=bugtraq&m=105294081325040&w=2
- http://marc.info/?l=ntbugtraq&m=105294162726096&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12019
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A948
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020