Vulnerability Development mailing list archives
RE: Problem in IE's File Type Recognition
From: "Arian J. Evans" <arian.evans () anachronic com>
Date: Wed, 26 Jul 2006 12:40:45 -0500
IE's MIME type detection has been well documented for some time (and this behavior has been around for some time): http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.as p There are a number of things you can do with this, and I've discussed it with Microsoft's Security IR Center several times, and never gotten anything in the way of an "official" response about the subject (e.g.-killing auto mime-type detection for certain more dangerous types of content). I started playing around with this more last year when the Windows Media Player and WMF exploits came out, and put up some simple examples here: http://www.anachronic.com/xss It's sorta fun to play with for <= couple of hours. YMMV, Arian J. Evans "See? That was nothing. But that's how it always begins. Very small." -Egg Shen
-----Original Message----- From: knight4vn () yahoo com [mailto:knight4vn () yahoo com] Sent: Tuesday, July 25, 2006 4:55 AM To: vuln-dev () securityfocus com Subject: Problem in IE's File Type Recognition I found out one way to make Internet Explorer ver 6.0 recognize incorrectly type of any particular files. E.g one file named "abcd.exe" is Application type but we can force the IE browser to understand that file is "Image/JPG" or "Image/Gif" and so on .. Currently, I'm still working to find the solution allowed us to exploit IE based on this bug. Does any one have any suggestions?
Current thread:
- Problem in IE's File Type Recognition knight4vn (Jul 25)
- Re: Problem in IE's File Type Recognition Peter Gutmann (Jul 26)
- Re: Problem in IE's File Type Recognition mikeiscool (Jul 26)
- RE: Problem in IE's File Type Recognition Arian J. Evans (Jul 27)