Microsoft Internet Explorer bypass file download warning

ie-file-warning-bypass (18897) The risk level is classified as MediumMedium Risk

Description:

Microsoft Internet Explorer version 6.0.2900.2180 running on Windows XP SP2 could allow a remote attacker to bypass the file download security warning and download arbitrary files to a victim's system. A remote attacker could create a specially-crafted Web page that contains a BODY tag that uses an onclick event to invoke the createElement function, which would create an IFRAME window that references a malicious file. This could allow the attacker to download arbitrary files to the victim's system, without warning, once the victim visits and clicks anywhere on the body of the malicious Web page.


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Microsoft Internet Explorer, available from the Microsoft Internet Explorer Web site. See References.

References:

  • Full-Disclosure Mailing List, Fri Jan 14 2005 - 01:53:00 CST : Internet Explorer (SP2) - Remote File Download Information Bar Bypass.
  • BID-10580: Sun Enterprise Storage Manager Local Unspecified Privilege Escalation Vulnerability
  • BID-12264: Microsoft Internet Explorer Dynamic IFRAME File Download Security Warning Bypass Weakness
  • CVE-2004-1345: Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the ESMUser role to gain root access.
  • CVE-2005-0110: Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
  • SA11935: Sun StorEdge ESM Unspecified Privilege Escalation Vulnerability
  • US-CERT VU#976470: Sun Enterprise Storage Manager may allow an unprivileged local user to gain root access

Platforms Affected:

  • Microsoft Internet Explorer 6.0.2900.2180
  • Microsoft Windows XP SP2

Reported:

Jan 14, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page