Vulnerability Note VU#205148
Microsoft Internet Explorer does not properly evaluate Content-Type and Content-Disposition headers
A cross-domain scripting vulnerability exists in the way Microsoft Internet Explorer (IE) evaluates Content-Type and Content-Disposition headers and checks for files in the local browser cache. This vulnerability could allow a remote attacker to execute arbitrary script in a different domain, including the Local Machine Zone.
Microsoft Security Bulletin MS03-032 describes a vulnerability in the way IE checks for files in the local browser cache:
A flaw in Internet Explorer could allow a malicious Web site operator to access information in another Internet domain, or on the user's local system by injecting specially crafted code when the browser checks for the existence of files in the browser cache. ... There is a flaw in the way Internet Explorer checks the originating domain when checking for the existence of local files in the browser cache.
An attacker who is able to convince a user to access a specially crafted HTML document, such as an Internet web page or HTML email message, could execute arbitrary script with privileges of the user in the security context of the Local Machine Zone. This technique could be used to read certain types of files in known locations on the user's system. In conjunction with other vulnerabilities (VU#626395, VU#25249), the attacker could execute arbitrary commands on the user's system. The attacker could also determine the path to the Temporary Internet Files folder (cache) and access data from other web sites.
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Microsoft Corporation|Affected|25 Aug 2003|25 Aug 2003|
Microsoft credits LAC/SNS for reporting this vulnerability. Information used in this document came from LAC/SNS and Microsoft.
This document was written by Art Manion.
- CVE IDs: CAN-2003-0531
- CERT Advisory: CA-2003-22
- Date Public: 20 Aug 2003
- Date First Published: 25 Aug 2003
- Date Last Updated: 26 Aug 2003
- Severity Metric: 20.27
- Document Revision: 22