New Search

Server 2003 File Download Dialog Box Manipulation Vulnerability

oval:org.mitre.oval:def:1458

Multiple design errors in Microsoft Internet Explorer 5.01 5.5 and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button aka "File Download Dialog Box Manipulation Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2005-2829
Product(s):
  • Microsoft Internet Explorer