Vulnerabilities > CVE-2004-1331 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-11/0260.html
- http://www.frsirt.com/exploits/20041119.IESP2Unpatched.php
- http://www.kb.cert.org/vuls/id/743974
- http://secunia.com/advisories/13203/
- http://www.securityfocus.com/bid/11686
- http://securityreason.com/securityalert/3220
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18181