Vulnerability Development mailing list archives
Re: Problem in IE's File Type Recognition
From: mikeiscool <michaelslists () gmail com>
Date: Wed, 26 Jul 2006 09:16:43 +1000
On 25 Jul 2006 09:54:31 -0000, knight4vn () yahoo com <knight4vn () yahoo com> wrote:
I found out one way to make Internet Explorer ver 6.0 recognize incorrectly type of any particular files. E.g one file named "abcd.exe" is Application type but we can force the IE browser to understand that file is "Image/JPG" or "Image/Gif" and so on .. Currently, I'm still working to find the solution allowed us to exploit IE based on this bug. Does any one have any suggestions?
this isn't a bug it's by design. it can be useful, though, to force ie to download your executable binary data to the local machine though. but it won't be executed, unless it's combined with other ie bugs. -- mic
Current thread:
- Problem in IE's File Type Recognition knight4vn (Jul 25)
- Re: Problem in IE's File Type Recognition Peter Gutmann (Jul 26)
- Re: Problem in IE's File Type Recognition mikeiscool (Jul 26)
- RE: Problem in IE's File Type Recognition Arian J. Evans (Jul 27)