Vulnerability Development mailing list archives

RE: Problem in IE's File Type Recognition


From: "Arian J. Evans" <arian.evans () anachronic com>
Date: Wed, 26 Jul 2006 12:40:45 -0500

IE's MIME type detection has been well documented for some time
(and this behavior has been around for some time):

http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp

There are a number of things you can do with this, and I've
discussed it with Microsoft's Security IR Center several
times, and never gotten anything in the way of an "official"
response about the subject (e.g., killing auto mime-type
detection for certain more dangerous types of content).

I started playing around with this more last year when
the Windows Media Player and WMF exploits came out, and
put up some simple examples here:

http://www.anachronic.com/xss

It's sorta fun to play with for <= couple of hours. YMMV,

Arian J. Evans

"See? That was nothing.
But that's how it always begins.
Very small." -Egg Shen 

-----Original Message-----
From: knight4vn () yahoo com [mailto:knight4vn () yahoo com] 
Sent: Tuesday, July 25, 2006 4:55 AM
To: vuln-dev () securityfocus com
Subject: Problem in IE's File Type Recognition

I found out one way to make Internet Explorer ver 6.0
incorrectly recognize the type of any particular file. E.g., one
file named "abcd.exe" is Application type, but we can force
the IE browser to understand that the file is "Image/JPG" or
"Image/Gif" and so on. Currently, I'm still working to find
a solution that allows us to exploit IE based on this bug. Does
anyone have any suggestions?

