A problem in the way Microsoft Internet Explorer handles a large number of file download requests could result in the execution of arbitrary code on a vulnerable system.
When Internet Explorer (IE) follows a link to an executable file (.exe), a dialog window is displayed that prompts the user to open the file, save the file, or cancel the operation. When handling a sufficiently large number of file download requests, IE eventually fails to display the dialog window and executes the specified file without user intervention. A dialog is displayed for each download request, and it may be possible to terminate the IE process before the file is executed. Publicly available examples use large numbers of frames (FRAME or IFRAME elements) to generate download requests.
Other software that uses the WebBrowser ActiveX control may be affected.
An attacker who is able to convince a user to access a specially crafted HTML document, such as an Internet web page or HTML email message, could execute arbitrary code with the privileges of the user. Resource exhaustion caused by the large number of download requests could also cause a denial of service.
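The description above notes that public examples rely on large numbers of FRAME or IFRAME elements that request executable files. The following is an added example, not part of the original advisory or any vendor tooling: a content-inspection heuristic that a mail gateway or web proxy could apply to HTML before delivery. The threshold of 20, the suffix list, and all names in the code are assumptions chosen for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed values for illustration; the advisory does not give a specific count.
FRAME_THRESHOLD = 20
EXECUTABLE_SUFFIXES = (".exe",)


class FrameDownloadCounter(HTMLParser):
    """Counts FRAME/IFRAME elements whose src path ends in an executable suffix."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.total_frames = 0
        self.exe_frames = 0

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...> matches.
        if tag not in ("frame", "iframe"):
            return
        self.total_frames += 1
        src = (dict(attrs).get("src") or "").strip()
        try:
            # Compare only the URL path so a query string or fragment cannot hide the suffix.
            path = urlsplit(src).path
        except ValueError:
            path = src  # malformed URL: fall back to the raw attribute value
        if path.lower().endswith(EXECUTABLE_SUFFIXES):
            self.exe_frames += 1


def scan_html(document, threshold=FRAME_THRESHOLD):
    """Return frame counts and whether the document meets the flood heuristic."""
    counter = FrameDownloadCounter()
    counter.feed(document)
    counter.close()
    return {
        "frames": counter.total_frames,
        "exe_frames": counter.exe_frames,
        "suspicious": counter.exe_frames >= threshold,
    }


# Constructed samples (not taken from any real page or message).
BENIGN = '<html><body><iframe src="/ads/banner.html"></iframe><a href="/setup.exe">Download</a></body></html>'
FLOOD = "<html><body>" + '<IFRAME SRC="http://example.invalid/a.exe?x=1"></IFRAME>' * 25 + "</body></html>"

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("flood", FLOOD)):
        print(name, scan_html(doc))
```

A match is a reason to quarantine or strip the frames, not proof of exploitation; tune the threshold against legitimate frame-heavy pages in your own traffic.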
This vulnerability was publicly reported by Marek Bialoglowy.
This document was written by Art Manion.
Date First Published: 2003-05-16
Date Last Updated: 2006-12-08 20:46 UTC