Vulnerability Development mailing list archives
Re: Automatic MIME type detection in Internet Explorer 6.x allowed
From: Denis Jedig <seclists () syneticon de>
Date: Thu, 03 Aug 2006 23:57:04 +0200
knight4vn () yahoo com wrote:
Automatic MIME type detection in Internet Explorer 6.x allowed downloading executable file automatically
If you change file headers to JPEGs, it's not an executable file any more - that simple. Even if it were, "downloading" something and placing it in temporary files is not a vulnerability. Executing it is, but this can't happen with the described mechanisms.
Denis
Current thread:
- Automatic MIME type detection in Internet Explorer 6.x allowed knight4vn (Aug 03)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Denis Jedig (Aug 03)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Thor Larholm (Aug 04)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Denis Jedig (Aug 04)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Thor Larholm (Aug 04)
- <Possible follow-ups>
- Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed none (Aug 10)
- Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed der wert (Aug 10)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Denis Jedig (Aug 03)