Cyber Flash

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 6.0 SP2 Description: The issue allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions. This is achieved through the execCommand method using the SaveAs command. Recommendations: For Microsoft Internet Explorer version 6.0 SP2, consider disabling the execCommand method as a temporary workaround until a patch is available. Restrict access to the SaveAs command to minimize the risk of exploitation.