Oval Definition:oval:org.mitre.oval:def:1014
Revision Date:2016-02-19Version:47
Title:IE File Download Dialog Deception Vulnerability
Description:Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2001-0875
Platform(s):Microsoft Windows 2000
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows XP
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • Software section
  • the version of mshtml.dll is less than 6.0.2712.0300
  • AND NOT Patch Q313675 Installed
  • AND NOT the patch q316059 is installed (Installed Components key)
  • AND NOT the patch q319282 is installed (Installed Components key)
  • AND NOT the patch q321232 is installed (Installed Components key)
  • AND NOT the patch q323759 is installed (Installed Components key)
  • AND NOT the patch q328970 is installed (Installed Components key)
  • AND NOT the patch q324929 is installed (Installed Components key)
  • AND NOT the patch q810847 is installed (Installed Components key)
  • AND NOT the patch q813489 is installed (Installed Components key)
  • AND NOT the patch q818529 is installed (Installed Components key)
  • AND NOT the patch q822925 is installed (Installed Components key)
  • AND NOT the patch q828750 is installed (Installed Components key)
  • AND NOT the patch q824145 is installed (Installed Components key)
  • AND NOT the patch q832894 is installed (Installed Components key)
  • AND Internet Explorer 6 is installed
  • AND Configuration section
  • File Downloads Not Disabled
  • use machine settings rather than individual user settings
  • AND File Downloads Allowed In At Least One Zone
    • BACK