CVE-2005-2829 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-2829
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-2829

Description: Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/23448 ST 1015349 SREASON http://securityreason.com/securityalert/254 SAID Secunia Advisory: SA15368 Secunia Advisory: SA18064 Secunia Advisory: SA18311 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1458 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1340 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1209 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1490 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1505 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1507 MS http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx MISC http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 http://secunia.com/secunia_research/2005-7/advisory/ http://secunia.com/secunia_research/2005-21/advisory FULLDISC http://marc.theaimsgroup.com/?l=full-disclosure&m=113450519906463&w=2 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/419395/100/0/threaded BID 15823

Return to the previous page.