another IE weakness exposed

  • Thread starter Heeter
  • https://www.osnn.net/admin.php?templates/thread_view.1970/delete&_xfRedirect=https%3A%2F%2Fwww.osnn.net%2Fadmin.php%3Ftemplates%2Foutdated Start date

Heeter

Overclocked Like A Mother
Joined
8 Jul 2002
Messages
2,732
A cut 'n' paste from Bink.nu.

Critical: Moderately critical
Impact: Security Bypass

Where: From remote

Software: Microsoft Internet Explorer 6

Description:
http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.

The problem is that Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension. This can be done by embedding a CLSID in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files.

Secunia has created an online test:
http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/

This has been reported to affect Microsoft Internet Explorer 6.

NOTE: Prior versions may also be affected.

Solution:
Do not use "Open" file, always save files to a folder as this reveals the suspicious filename.

Provided and/or discovered by:
http-equiv


News Source: MSFN.org


Heeter
 

Reg

eXperienced!
Joined
2 Mar 2002
Messages
639
I've seen that before back in the day with IE5. I'm surpised they haven't fixed that by now. Well, good thing I don't use IE.
 

Xie

- geek -
Joined
29 Sep 2003
Messages
5,275
How can an exploit in the day and age of spam/IRC, and other places ppl are exposed to a never ending spam of URL's, be only "Moderately critical" when they could be clicking what they think is a harmless jpg and instead is a exe that destroys everything on there computer or turns it into a DDoS zombie?
 

Members online

No members online now.

Latest forum posts

Latest profile posts

Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
Terrahertz wrote on Electronic Punk's profile.
Yo fellas!
Electronic Punk wrote on Sazar's profile.
Where are you buddy?

Forum statistics

Threads
62,002
Messages
673,449
Members
5,596
Latest member
Joshua Liansky