CVE-2007-5456 in Internet Explorer

Summary

Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a ? (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism.

Reservation

10/14/2007

Disclosure

10/14/2007

CPE

ready

CVSS

7.3

EPSS

0.10594

Activities

Very Low

Sources
