Bugtraq mailing list archives

RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability


From: "Drew Copley" <dcopley () eEye com>
Date: Mon, 12 Jul 2004 15:04:10 -0700

 

-----Original Message-----
From: Polazzo Justin [mailto:Justin.Polazzo () facilities gatech edu] 
Sent: Monday, July 12, 2004 12:22 PM
To: Drew Copley
Cc: bugtraq () securityfocus com
Subject: RE: MSIE Download Window Filename + Filetype 
Spoofing Vulnerability

Should you not be able to tile your gui any way you please? 

You can title your UI any way you please.


Someone may be thinking that you could put an image in front 
of the security box in order to trick users into clicking on 
"open" without knowledge. I noticed that you can't click on 
the buttons when the image is in front of them.


I haven't checked out the new demo, but it is inconsequential,
you can totally change the contents of the window so that "No"
becomes "yes", or "yes" becomes "no", or whatever else. [By
stating, "Do Not Run This App", for instance, turns the positive
into the negative.]

"Close this window"?

"Yes".

Boom.

There are countless variations on this as you can put in there,
around there, all around anything you want.

It is a pain to make a really good demo, though, this is
why no one has probably messed with it. And, it is likely
too old for the current wave of criminals to get a handle
on it.

Well, not anymore. But, thankfully, Microsoft fixed this in
SP 2. Hopefully everyone else will get this fix in their
IE as well.


Would you be able to have an insane speed at which the object 
moves over the buttons, or a pulse action to where the image 
would appear to be solid, but would still select "open" when pressed?

Yeah, you can probably flicker it and hide it as well.

Really, the exploitation is for an artist...


jp

-----Original Message-----
From: Drew Copley [mailto:dcopley () eEye com]


