CVE-2007-5456 Information
Description
Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism.
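The URL shape described above can be hunted for in proxy or web-server logs. The following Python check is an added example, not part of the CVE record; the function names and sample URLs are constructed, and the match is a heuristic that also flags benign URLs of the same shape.

```python
import re
from urllib.parse import urlsplit, unquote

# A query string that ends like a filename extension, e.g. "readme.txt" or "show.dvr-ms".
# Requiring a leading letter keeps version numbers such as "v=1.2" from matching.
_TRAILING_EXT = re.compile(r"\.([a-z][a-z0-9-]{0,7})$")


def masked_exe_download(url):
    """Return the decoy extension if the URL has an .exe path followed by
    '?' and a non-.exe filename (the CVE-2007-5456 shape), else None."""
    parts = urlsplit(url)
    if not unquote(parts.path).lower().endswith(".exe"):
        return None                      # the requested resource is not an .exe
    match = _TRAILING_EXT.search(unquote(parts.query).lower())
    if match is None:
        return None                      # no query, or it does not end in an extension
    ext = "." + match.group(1)
    return None if ext == ".exe" else ext


def scan(urls):
    """Return (url, decoy_extension) for every URL that matches the shape."""
    hits = []
    for url in urls:
        ext = masked_exe_download(url)
        if ext is not None:
            hits.append((url, ext))
    return hits


# Constructed sample requests (not taken from any real log).
SAMPLE_URLS = [
    "http://downloads.example.test/tools/setup.exe?readme.txt",
    "http://downloads.example.test/tools/setup.exe",
    "http://downloads.example.test/tools/setup.exe?v=1.2",
    "http://media.example.test/clip.EXE?show.dvr-ms",
    "http://docs.example.test/notes.txt?setup.exe",
    "http://downloads.example.test/a.exe?b.exe",
]

if __name__ == "__main__":
    for url, ext in scan(SAMPLE_URLS):
        print(f"suspicious: {url} (decoy extension {ext})")
```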
Reference
http://securityreason.com/securityalert/3222
http://www.securityfocus.com/archive/1/482220/100/0/threaded
http://www.securityfocus.com/archive/1/482248/100/0/threaded
http://www.securityfocus.com/archive/1/482297/100/0/threaded
http://www.securityfocus.com/archive/1/482314/100/0/threaded
http://www.securityfocus.com/bid/26062