Microsoft Internet Explorer on XP SP2 Has Unspecified Flaws That Let Remote Users Bypass File Download Restrictions - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Browser) > Microsoft Internet Explorer (IE)

Vendors: Microsoft

Microsoft Internet Explorer on XP SP2 Has Unspecified Flaws That Let Remote Users Bypass File Download Restrictions

SecurityTracker Alert ID: 1012234

SecurityTracker URL: http://securitytracker.com/id/1012234

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Nov 14 2004

Impact: Execution of arbitrary code via network, Modification of user information, User access via network

Description: Several vulnerabilities were reported in Microsoft Internet Explorer, affecting Windows XP SP2. A remote user can take full control of the target user's system.

Finjan issued a press release reporting several vulnerabilities in Microsoft Windows XP SP2. According to the report, a remote user can create a specially crafted web page that, when loaded by the target user, will silently take full control of the target user's system.

It is reported that a remote user can access files on the target user's system, execute scripting code in the local computer zone, and bypass the SP file download warning mechanism to cause arbitrary code to be downloaded to the target user's computer without any warning to the target user.

No further details were provided.

In a ComputerWorld article, Microsoft was quoted as questioning the accuracy of the Finjan claims.

Impact: A remote user can bypass the file download security mechanism in Windows XP SP2 and can execute arbitrary scripting code in the local computer zone to take full control of the target user's system.

Solution: No solution was available at the time of this entry.

Vendor URL: www.microsoft.com/ (Links to External Site)

Cause: Access control error

Underlying OS: Windows (XP)

Message History: None.

Source Message Contents

Date: Sun, 14 Nov 2004 13:50:42 -0500
Subject: http://www.finjan.com/company/newsroom/press_show.asp?press_release_id=165


Finjan issued a press release reporting several vulnerabilities in Microsoft Windows
XP SP2.  According to the report, a remote user can create a specially crafted web
page that, when loaded by the target user, will silently take full control of the 
target user's system.

> Hackers can remotely access users' local files

> Hackers can switch between Internet Explorer Security Zones to obtain rights of
> local zone

> Hackers can bypass SP2’s notification mechanism on the download and execution of
> EXE files and therefore download files without any warning or notification

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC