Bugtraq mailing list archives
RE: File extensions spoofable in MSIE download dialog
From: Jouko Pynnonen <jouko () solutions fi>
Date: Mon, 26 Nov 2001 20:51:11 +0200 (EET)
On Mon, 26 Nov 2001, Jonathan G. Lampe wrote:

> I could not reproduce this problem with semi-current versions of the latest browsers.
>
> [snip]
>
> I tried the following four variations in my test: (Comment/uncomment the lines!)
> 1. Bogus Content Type, No Attachment Header
> 2. octet Content Type, No Attachment Header
> 3. Bogus Content Type, Attachment Header
> 4. octet Content Type, Attachment Header

Some details needed for reproducing and exploiting the flaw were left out of my posting because there is no good workaround or a patch available, and the flaw could be quite easily used maliciously. Using those details it would be relatively easy to create a worm that infects a system when a user "opens" a plain text file from an infected website, for instance. For the same reason there wasn't any test page URL included in my posting. That, and technical details will be published later.

--
Jouko Pynnonen Online Solutions Ltd Secure your Linux -
jouko () solutions fi http://www.solutions.fi http://www.secmod.com