PT-2003-1516 · Microsoft · Internet Explorer

Marek Bialoglowy · Published 2003-05-17 · Updated 2021-07-23 · CVE-2003-0309

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01 through 6.0
Description: The issue allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests. This can be achieved by opening multiple file download dialogs, which eventually cause the program to be executed. The exploitation can be demonstrated using a large number of FRAME or IFRAME tags.
Recommendations: For Internet Explorer versions 5.01 through 6.0, consider disabling the execution of files from the internet zone as a temporary workaround until a patch is available. Restrict access to the file download dialog to minimize the risk of exploitation. Avoid using multiple FRAME or IFRAME tags in web documents to prevent bypassing security zone restrictions.

Related Identifiers

CVE-2003-0309

Affected Products

Internet Explorer