|Georgi Guninski security advisory #50, 2001
IE 5.5/6.0 on Windows, probably earlier versions
Risk: very low (user interaction required)
Date: 21 October 2001
The information in this advisory is believed to be true based on
experiments though it may be false.
The opinions expressed in this advisory and program are my own and
not of any company. The usual standard disclaimer applies,
especially the fact that Georgi Guninski is not liable for any damages
caused by direct or indirect use of the information or functionality
provided by this advisory or program. Georgi Guninski bears no
responsibility for content or misuse of this advisory or program or
any derivatives thereof.
This is *not* security vulnerability by itself but has some
whole screen - including menus, modal dialogs, taskbar, clock, etc.
This allows "spoofing" the whole screen including modal IE messages.
Basically this means that a script initiated IE dialog
"You are downloading malicous.exe from malicous.com - 'Open | Cancel
may be made to appear to the user:
"Welcome to my new site - 'Open'" ('Cancel' is not visible and not
If the user clicks on 'Open' in the spoofed context code may be executed
(user interaction is required).
Spoofing the UI is done by window.createPopup() and popup.show() -
Image moving over download/open dialog:
If you consider this threat disable "active scripting"
Microsoft was informed on 16 October 2001.