CVE-2003-0309 - Unspecified vulnerability in Microsoft Internet Explorer 6.0.2800

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, microsoft, exploit available

Summary

Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."

Vulnerable Configurations

Part: Application
Description: Microsoft
Count: 1

Exploit-Db

description: Internet Explorer 5/6 file:// Request Zone Bypass Vulnerability. CVE-2003-0309. Remote exploit for windows platform
id: EDB-ID:22575
last seen: 2016-02-02
modified: 2003-05-09
published: 2003-05-09
reporter: Marek Bialoglowy
source: https://www.exploit-db.com/download/22575/
title: Microsoft Internet Explorer 5/6 - file:// Request Zone Bypass Vulnerability

Oval

accepted: 2014-02-24T04:03:28.466-05:00
class: vulnerability
contributors:
  • name: Tiffany Bergeron
    organization: The MITRE Corporation
  • name: Harvey Rubinovitz
    organization: The MITRE Corporation
  • name: Maria Mikhno
    organization: ALTX-SOFT
description: Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
family: windows
id: oval:org.mitre.oval:def:948
status: accepted
submitted: 2004-04-29T12:00:00.000-04:00
title: IE File Download Dialog Vulnerability
version: 67