Vulnerability Development mailing list archives
Automatic MIME type detection in Internet Explorer 6.x allowed
From: knight4vn () yahoo com
Date: 3 Aug 2006 10:08:02 -0000
Automatic MIME type detection in Internet Explorer 6.x allowed downloading executable file automatically

+Background: What's Internet Explorer automatic MIME type detection?
- This feature was included in IE to detect the exact MIME type of a file the server sends to the browser, by using the FindMimeFromData method.

+Description:
- I've found out that using Automatic MIME type detection, we can force IE to download any file (including executable files) without the user's knowledge by causing IE to treat an executable file as an image (jpg, gif..). Thus, IE automatically downloads the file regardless of the file type, and saves it in the "Temporary Internet Files" folder when the user visits the attacker's website.

+Exploitation:
- Force user to download any executable files:
_ Create a file named "app.exe" with a head body containing any jpg file content to force IE MIME type detection to recognize it as an image file.
_ When the user browses the website which contains the file we've just created, IE simply treats it as an image, so it automatically saves that file in the Temporary folder.
* This exploit can be found here:
Open this link: http://sendmailplus.com/knight4vn/app1.exe
Open this link: http://sendmailplus.com/knight4vn/app2.exe
After that, check the appearance of "app1.exe" "app2.exe" in your "Temporary internet folder".
- IE treats malicious javascript as an image:
* This exploit can be found here:
http://www.sendmailplus.com/knight4vn/js.gif
http://www.sendmailplus.com/knight4vn/js.jpg
http://www.sendmailplus.com/knight4vn/js.png

Discovered by: Knight Commander (knight4vn () yahoo com, knight4vn () vietcert com)
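A server-side check for the two cases described in the post, added here as an example and not part of the original message: it compares a file's extension with the type implied by its leading bytes, and flags image files whose head contains markup. The signature table, marker list, 256-byte window and sample files are assumptions constructed for illustration.

```python
import os

# Leading-byte signatures for the types named in the post, plus the
# Windows executable header. Table is illustrative, not exhaustive.
SIGNATURES = [
    ("image/jpeg", b"\xff\xd8\xff"),
    ("image/gif", b"GIF87a"),
    ("image/gif", b"GIF89a"),
    ("image/png", b"\x89PNG\r\n\x1a\n"),
    ("application/x-msdownload", b"MZ"),
]
EXPECTED = {".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".gif": "image/gif",
            ".png": "image/png", ".exe": "application/x-msdownload"}
# Assumed markers that a content-sniffing client may read as markup.
MARKUP = (b"<script", b"<html", b"<body", b"<iframe")
SNIFF_WINDOW = 256  # assumption: only the head of the file is inspected


def sniff(data):
    """Return the type implied by the leading bytes, or None."""
    for mime, magic in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None


def audit(filename, data):
    """Return finding codes for one uploaded or served file."""
    findings = []
    expected = EXPECTED.get(os.path.splitext(filename)[1].lower())
    if expected is None:
        return findings  # extension not covered by this check
    if sniff(data) != expected:
        findings.append("type-mismatch")
    head = data[:SNIFF_WINDOW].lower()
    if expected.startswith("image/") and any(m in head for m in MARKUP):
        findings.append("markup-in-image")
    return findings


# Constructed samples, not the files from the post.
SAMPLES = {
    "app.exe": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
    "js.gif": b"<script>/* constructed */</script>",
    "banner.gif": b"GIF89a\x01\x00\x01\x00<SCRIPT>x</SCRIPT>",
    "photo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "setup.exe": b"MZ\x90\x00\x03\x00",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, audit(name, body) or "ok")
```

Files that return any finding are candidates for rejection at upload time or for being served only with an explicit, correct Content-Type.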