Microsoft IE Double Slash Cache File Execution (DblSlashForCache)

2003-10-30T01:50:04
ID OSVDB:7910
Type osvdb
Reporter Liu Die Yu(liudieyuinchina@yahoo.com.cn)
Modified 2003-10-30T01:50:04

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary files. By placing a malicious file into the cache directory and adding a double slash ("\") to the CODEBASE function, the program will execute the file within the trusted MYCOMPUTER zone. It is possible that the flaw may allow execution of arbitrary files resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary files. By placing a malicious file into the cache directory and adding a double slash ("\") to the CODEBASE function, the program will execute the file within the trusted MYCOMPUTER zone. It is possible that the flaw may allow execution of arbitrary files resulting in a loss of integrity.

References:

Vendor URL: http://www.microsoft.com/ Other Advisory URL: http://www.safecenter.net/UMBRELLAWEBV4/DblSlashForCache/DblSlashForCache-Content.htm Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-11/0024.html Keyword: codebase local path Keyword: LocalZoneInCache Keyword: execdror5