Microsoft IE Download File Origin Spoofing

2002-08-23T00:00:00
ID OSVDB:5129
Type osvdb
Reporter Jouko Pynnonen(jouko@solutions.fi)
Modified 2002-08-23T00:00:00

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to Spoof the source of a download. The issue is triggered when specifically crafted URL is entered into Internet Explorer. It is possible that the flaw may trick the user into thinking the download is from a trusted site resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to Spoof the source of a download. The issue is triggered when specifically crafted URL is entered into Internet Explorer. It is possible that the flaw may trick the user into thinking the download is from a trusted site resulting in a loss of integrity.

References:

Vendor URL: http://www.microsoft.com Microsoft Security Bulletin: MS02-047 ISS X-Force ID: 9937 CVE-2002-0722 Bugtraq ID: 5559