Vulnerability Development mailing list archives
Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed
From: "der wert" <derwert () hotmail com>
Date: Thu, 10 Aug 2006 17:22:32 -0500
This is a completely different issue, the one you speak of about the jpg file, what it was was a gif header in a .jpg file with javascript after it, and I just tried it and it is still unpatched, but none the less a different issue
D On 10 Aug 2006 05:59:06 -0000, none () none com <none () none com> wrote:
This was actually patched a while ago by Microsoft to the best of my knowlege(I tested it). However, this may be a tad different. In older versions it was possible to upload image files to say a message board or whatever say an avatar. But by placing javascript in any file with a .jpg extension made IE execute the javascript. This went public a few years ago I beleive and was only fixed a month or so ago.
_________________________________________________________________Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Current thread:
- Automatic MIME type detection in Internet Explorer 6.x allowed knight4vn (Aug 03)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Denis Jedig (Aug 03)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Thor Larholm (Aug 04)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Denis Jedig (Aug 04)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Thor Larholm (Aug 04)
- <Possible follow-ups>
- Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed none (Aug 10)
- Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed der wert (Aug 10)
- Re: Automatic MIME type detection in Internet Explorer 6.x allowed Denis Jedig (Aug 03)