Microsoft IE Download Window Filename Filetype Spoofing

2004-07-11T07:15:39
ID OSVDB:7776
Type osvdb
Reporter Paul(paul@greyhats.cjb.net), Georgi Guninski(guninski@guninski.com)
Modified 2004-07-11T07:15:39

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw related to the download dialog that may allow an attacker to spoof the content of such a download dialog using the Window.createPopup() function, tricking a user in downloading and executing a malicious file. No further details have been provided.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Disable active scripting.

Short Description

Microsoft Internet Explorer contains a flaw related to the download dialog that may allow an attacker to spoof the content of such a download dialog using the Window.createPopup() function, tricking a user in downloading and executing a malicious file. No further details have been provided.

References:

Secunia Advisory ID:7277 Related OSVDB ID: 7853 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0106.html Keyword: DLWinSpoof CVE-2001-1410