PT-2004-2254 · Microsoft · Internet Explorer

Cyber Flash

Published

2004-11-16

Updated

2021-07-23

CVE-2004-1331

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 6.0 SP2

Description: The issue allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions. This is achieved through the execCommand method using the SaveAs command.

Recommendations: For Microsoft Internet Explorer version 6.0 SP2, consider disabling the execCommand method as a temporary workaround until a patch is available. Restrict access to the SaveAs command to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1331

Affected Products

Internet Explorer

PT-2004-2254 · Microsoft · Internet Explorer

CVE-2004-1331

Related Identifiers

Affected Products

References · 8