Vulnerability Development mailing list archives
Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed
From: none () none com
Date: 10 Aug 2006 05:59:06 -0000
This was actually patched a while ago by Microsoft to the best of my knowlege(I tested it). However, this may be a tad different. In older versions it was possible to upload image files to say a message board or whatever say an avatar. But by placing javascript in any file with a .jpg extension made IE execute the javascript. This went public a few years ago I beleive and was only fixed a month or so ago.
Current thread:
- Automatic MIME type detection in Internet Explorer 6.x allowed knight4vn (Aug 03)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Denis Jedig (Aug 03)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Thor Larholm (Aug 04)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Denis Jedig (Aug 04)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Thor Larholm (Aug 04)
- <Possible follow-ups>
- Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed none (Aug 10)
- Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed der wert (Aug 10)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Denis Jedig (Aug 03)