Thing that bothered me was it's showing as a high risk item on BlackIce.
Shows on the ISS site as affecting all OSes, and no way of removing the vulnerability, as of July 2004.
Sent an e-mail to Eric, to let him know about it as well.
ETA: This is what I pulled off of ISS:
Content-Disposition file name directory traversal
content-disposition-directory-traversal (16757) High Risk
The Filename parameter in the Content-Disposition header field allows the sender to suggest a file name. If an application blindly accepts this file name, a file name could be crafted that would allow an attacker to save the file to a known location on the victim's hard drive.
Various: Any operating system Any version
No remedy available as of July 2004.
CIAC Information Bulletin N-092, Microsoft Windows Media Player Skins Flaw at http://www.ciac.org/ciac/bulletins/n-092.shtml.
Microsoft Security Bulletin MS03-017, Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787) at http://www.microsoft.com/technet/sec...ms03-017.mspx.
Standards associated with this entry:
Jul 21, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2004 Internet Security Systems, Inc. All rights reserved worldwide.
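Added example, not part of the original post or the ISS entry: one way a receiving application can avoid "blindly accepting" the suggested name is to reduce the Content-Disposition filename to a bare leaf name and confirm the final path stays inside its download directory. The function names, the fallback name and the sample header values are assumptions constructed for illustration.

```python
import os
import re
from email.message import Message


def suggested_filename(header_value):
    """Return the filename parameter of a Content-Disposition value, or None."""
    msg = Message()
    msg["Content-Disposition"] = header_value
    return msg.get_filename()


def safe_save_path(header_value, download_dir, fallback="download.bin"):
    """Map a sender-suggested name to a path that cannot leave download_dir."""
    name = suggested_filename(header_value) or ""
    # Treat both '/' and '\' as separators on every OS and keep the leaf only.
    name = name.replace("\\", "/").split("/")[-1]
    # Drop control characters and characters with special meaning on Windows
    # (drive letters, streams), then trim leading/trailing dots and spaces.
    name = re.sub(r'[\x00-\x1f<>:"|?*]', "", name).strip(" .")
    if not name:
        name = fallback
    base = os.path.realpath(download_dir)
    path = os.path.realpath(os.path.join(base, name))
    # Defence in depth: a symlink already in the directory could still
    # redirect the write, so verify the resolved path is under base.
    if os.path.commonpath([base, path]) != base:
        raise ValueError("refusing to save outside the download directory")
    return path


if __name__ == "__main__":
    import tempfile

    downloads = tempfile.mkdtemp()
    # Constructed header values, not taken from any real traffic.
    samples = [
        'attachment; filename="report.pdf"',
        'attachment; filename="../../../etc/passwd"',
        'attachment; filename="..\\..\\skin.wmz"',
        'attachment; filename=".."',
        "attachment",
    ]
    for value in samples:
        print(f"{value!r:50} -> {safe_save_path(value, downloads)}")
```
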