Signature Detail

HTTP: Internet Explorer Forced File Download

This signature detects the download of a maliciously crafted HTML document. The document forces Microsoft Internet Explorer to download a file specified by the HTML document creator.

Extended Description

Microsoft Internet Explorer is reported prone to a file download security warning bypass weakness. This issue may be exploited to download a malicious file to the client system. It is reported that this security warning can be bypassed by creating a document containing a specially crafted HTML BODY tag and a dynamic IFRAME. By enticing a user to visit a site, the attacker can potentially plant malicious files on vulnerable systems in order to execute malicious code. It should be noted that although no security warning appears, the standard download confirmation widnow still appears and requires the user to confirm the download prior to any files being placed on the unsuspecting user's computer. This vulnerability may be combined with other issues in the browser or the affected computer to aid in various attacks. It should also be noted that Symantec has been unable to replicate this issue. Furthermore Microsoft has stated that this is not a vulnerability. This BID will be updated when further information becomes available. Internet Explorer 6.0 running on Microsoft Windows XP SP2 is reported to be affected by this vulnerability. It is conjectured that other versions of Internet Explorer are vulnerable as well. This BID will be updated when more information about affected packages is available.

Affected Products

• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1

References

• BugTraq: 12264
• CVE: CVE-2005-0110
• URL: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0455.html
• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln2777.html