Vulnerability: M$ IE File Extension Faking or Spoofing

  1. #1
    s0nIc

    Vulnerability: M$ IE File Extension Faking or Spoofing

    Microsoft Internet Explorer MIME Type File Extension Spoofing Vulnerability


    Microsoft Internet Explorer uses the Content-Type and Content-Disposition HTML header fields to determine the file type of non-HTML files referenced by a website. These two content headers make up the MIME type of the field.


    It is possible to insert information into the Content-Type and Content-Disposition fields that would tell Internet Explorer that a file being downloaded is of a different type than it actually is. This would not cause the file to be executed automatically, but could trick a vulnerable user into believing that they are downloading a text file instead of an executable file.

    This vulnerability was originally believed to be the same as the one reported in Bugtraq ID 3597, but was later found to be a different method of achieving the same goal.

    Remote: Yes

    Exploit: There is no exploit code.

    Solution: Microsoft has released a patch to address this issue:



    Microsoft Internet Explorer 5.0.1SP2:

    Microsoft Patch q316059_IE 5.01
    http://download.microsoft.com/downlo...01_sp2/NT5/EN-US/q316059.exe

    Microsoft Internet Explorer 5.5SP2:

    Microsoft Patch q316059_IE 5.5SP2
    http://download.microsoft.com/downlo...5_sp2/WIN98Me/EN-US/q316059.exe

    Microsoft Internet Explorer 5.5SP1:

    Microsoft Patch q316059_IE 5.5SP1
    http://download.microsoft.com/downlo...5_sp1/WIN98Me/EN-US/q316059.exe

    Microsoft Internet Explorer 6.0:

    Microsoft Patch q316059_IE6
    http://download.microsoft.com/downlo...8NT42KMeXP/EN-US/q316059.exe

  2. #2
    Senior Member
    Isn't that the same as the "%%00" null byte bug?

    I do remember someone posting about the null byte bug, which helps crackers/hackers fake the file names and extensions, but I don't remember where in THIS huge archive of threads.

    Though I would think this vulnerability affects home users or network workstations more greatly than corporate servers, since it's rare that an ADMIN would use the server to surf the internet.

    Still it can contribute to the DDoS task of a cracker. Thanks for informing us.
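
A defender-side check for the mismatch described in the first post, as an added example that is not part of the original thread or of Microsoft's patch: it compares what a response's Content-Type and Content-Disposition headers claim with the file's leading bytes. The function names, the extension and type tables, and the sample responses are constructed for illustration.

```python
from email.message import Message
import os

# Leading bytes of formats that execute when opened (small constructed table).
EXEC_MAGIC = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}
# What a user reads as a harmless document, and what they read as a program.
BENIGN_TYPES = ("text/", "image/", "application/pdf")
BENIGN_EXT = {".txt", ".log", ".csv", ".jpg", ".png", ".gif", ".pdf"}
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".pif", ".cmd"}


def parse_headers(headers):
    """Return (content_type, filename) from a dict of response headers."""
    msg = Message()
    for name, value in headers.items():
        msg[name] = value
    ctype = msg.get_content_type() if "Content-Type" in msg else ""
    return ctype, msg.get_filename()


def sniff(body):
    """Name the executable format the body starts with, or None."""
    for magic, label in EXEC_MAGIC.items():
        if body.startswith(magic):
            return label
    return None


def audit_download(headers, body):
    """List mismatches between what the headers claim and what the bytes are."""
    ctype, filename = parse_headers(headers)
    ext = os.path.splitext(filename or "")[1].lower()
    actual = sniff(body)
    findings = []
    if actual and ctype.startswith(BENIGN_TYPES):
        findings.append(f"Content-Type {ctype} but body is {actual}")
    if actual and ext in BENIGN_EXT:
        findings.append(f"filename {filename!r} but body is {actual}")
    if ext in EXEC_EXT and ctype.startswith(BENIGN_TYPES):
        findings.append(f"Content-Type {ctype} but filename ends in {ext}")
    return findings


# Constructed sample responses (not captured traffic): same headers, different bodies.
CLAIM = {"Content-Type": "text/plain",
         "Content-Disposition": 'attachment; filename="readme.txt"'}
SPOOFED = (CLAIM, b"MZ\x90\x00" + b"\x00" * 60)
HONEST = (CLAIM, b"Release notes\n")
```

A gateway or mail filter running a check like this would hold the `SPOOFED` response for review and pass the `HONEST` one unchanged.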
