MS.IE.File.Download.Security.Warning.Bypass
Description
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
Affected Products
Microsoft Internet Explorer 6.x
Impact
Successful exploit allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
Recommended Actions
Disable Active Scripting support and the "Hide extension for known file types" option.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-03-28 | 14.582 | Sig Added |