The File Download Dialog Vulnerability

The File Download Dialog Vulnerability

CVE-2003-0309 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."

Learn more about our Web App Pen Testing.