CVE-2003-0309
Internet Explorer 5.01, 5.5, 6.0 - Remote Code Execution via Multiple File Download Dialogs
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-0309. PoCs published by Marek Bialoglowy.
AI-analyzed exploit summary This exploit leverages a zone bypass vulnerability in Internet Explorer by embedding multiple 'file://' requests in separate Iframes, causing the file to execute in the Local Computer zone. The exploit is delivered via a RAR archive containing a proof-of-concept.
Description
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
Exploits (1)
This exploit leverages a zone bypass vulnerability in Internet Explorer by embedding multiple 'file://' requests in separate Iframes, causing the file to execute in the Local Computer zone. The exploit is delivered via a RAR archive containing a proof-of-concept.