Bugtraq mailing list archives
RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
From: "Drew Copley" <dcopley () eEye com>
Date: Mon, 12 Jul 2004 15:04:10 -0700
-----Original Message-----
From: Polazzo Justin [mailto:Justin.Polazzo () facilities gatech edu]
Sent: Monday, July 12, 2004 12:22 PM
To: Drew Copley
Cc: bugtraq () securityfocus com
Subject: RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability

Should you not be able to tile your gui any way you please?
You can title your UI any way you please.
Someone may be thinking that you could put an image in front of the security box in order to trick users into clicking on "open" without knowledge. I noticed that you can't click on the buttons when the image is in front of them.
I haven't checked out the new demo, but it is inconsequential; you can totally change the contents of the window so that "No" becomes "yes", or "yes" becomes "no", or whatever else. [By stating, "Do Not Run This App", for instance, turns the positive into the negative.] "Close this window"? "Yes". Boom. There are countless variations on this as you can put in there, around there, all around anything you want. It is a pain to make a really good demo, though, this is why no one has probably messed with it. And, it is likely too old for the current wave of criminals to get a handle on it. Well, not anymore. But, thankfully, Microsoft fixed this in SP 2. Hopefully everyone else will get this fix in their IE as well.
Would you be able to have an insane speed at which the object moves over the buttons, or a pulse action to where the image would appear to be solid, but would still select "open" when pressed?
Yeah, you can probably flicker it and hide it as well. Really, the exploitation is for an artist...
jp

-----Original Message-----
From: Drew Copley [mailto:dcopley () eEye com]