| Short Name | HTTP:STC:IE:EXEC-CMD-FILE-SPOOF |
|---|---|
| Severity | Medium |
| Recommended | No |
| Category | HTTP |
| Keywords | Internet Explorer execCommand File-type Spoofing |
| Release Date | 2004/11/23 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to exploit a known vulnerability in the way Internet Explorer handles the JavaScript execCommand function. Attackers can trick a user into saving a file that the user believes is HTML but is actually an executable, which allows the attacker to execute arbitrary code on the affected system.

Microsoft Internet Explorer is reported prone to a vulnerability that bypasses the file download security warning. This issue may be exploited to download a malicious file to the client system. When a URI location is not found, the user usually receives a 404 error message. It is reported that this issue allows an attacker to create a custom HTTP 404 error message and use the 'execCommand' method to save a Web page to the local system. By enticing a user to follow a malicious link, the attacker can plant malicious files on vulnerable systems in order to execute malicious code.