Microsoft Internet Explorer Trusted Domain Default Settings Facilitate Silent Installation of Executables
Categorie: Vulnerability Posted: 2003-12-29 by ReCall Views: 470 Source: Click here
Current Rating: Not rated
Details
Description: An exploit method was reported in Microsoft Internet Explorer, illustrating IE's weak default settings for the 'Trusted Site' security zone. A remote user can create HTML that will cause an arbitrary executable to be silently downloaded to and installed on a target user's system.
http-equiv reported that a remote user can create HTML that, when loaded by a target user, will trigger the flaw and install arbitrary code to the target user's system, potentially in an arbitrary security domain.
With the assistance of a cross-site scripting flaw in a web site designated as a 'trusted site' domain, a remote user can display HTML containing a '
