another IE weakness exposed


Overclocked Like A Mother
A cut 'n' paste from

Critical: Moderately critical
Impact: Security Bypass

Where: From remote

Software: Microsoft Internet Explorer 6

http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.

The problem is that Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension. This can be done by embedding a CLSID in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files.

Secunia has created an online test:

This has been reported to affect Microsoft Internet Explorer 6.

NOTE: Prior versions may also be affected.

Do not use "Open" file, always save files to a folder as this reveals the suspicious filename.

Provided and/or discovered by:

News Source:



I've seen that before back in the day with IE5. I'm surpised they haven't fixed that by now. Well, good thing I don't use IE.


- geek -
How can an exploit in the day and age of spam/IRC, and other places ppl are exposed to a never ending spam of URL's, be only "Moderately critical" when they could be clicking what they think is a harmless jpg and instead is a exe that destroys everything on there computer or turns it into a DDoS zombie?

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
What a long strange trip it's been. =)

Forum statistics

Latest member