-
February 15th, 2002, 06:22 AM
#1
Vulnerability: M$ IE File Extension Faking or Spoofing
Microsoft Internet Explorer MIME Type File Extension Spoofing Vulnerability
Microsoft Internet Explorer uses the Content-Type and Content-Disposition HTML header fields to determine the file type of non-HTML files referenced by a website. These two content headers make up the MIME type of the field.
It is possible to insert information into the Content-Type and Content-Disposition fields that would tell Internet Explorer that a file being downloaded is of a different type than it actually is. This would not cause the file to be executed automatically, but could trick a vulnerable user into believing that they are downloading a text file instead of an executable file.
This vulnerability was originally believed to be the same as the one reported in Bugtraq ID 3597, but was later found to be a different method of achieving the same goal.
Remote: Yes
Exploit: There is no exploit code.
Solution: Microsoft has released a patch to address this issue:
Microsoft Internet Explorer 5.0.1SP2:
Microsoft Patch q316059_IE 5.01
http://download.microsoft.com/downlo...01_sp2/NT5/EN-US/q316059.exe
Microsoft Internet Explorer 5.5SP2:
Microsoft Patch q316059_IE 5.5SP2
http://download.microsoft.com/downlo...5_sp2/WIN98Me/EN-US/q316059.exe
Microsoft Internet Explorer 5.5SP1:
Microsoft Patch q316059_IE 5.5SP1
http://download.microsoft.com/downlo...5_sp1/WIN98Me/EN-US/q316059.exe
Microsoft Internet Explorer 6.0:
Microsoft Patch q316059_IE6
http://download.microsoft.com/downlo...8NT42KMeXP/EN-US/q316059.exe
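A defensive check for the header/content mismatch described in this advisory, as an added example that is not part of the original post or of Microsoft's patch: it compares the declared Content-Type and the Content-Disposition filename against the first bytes of the response body. The magic-byte table, the extension and MIME-type lists, and the function names are assumptions chosen for illustration.

```python
import os
from email.message import Message

# Assumed, non-exhaustive tables for illustration.
EXEC_MAGIC = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload",
              "application/x-msdos-program"}


def parse_headers(content_type, content_disposition):
    """Return (MIME type, lower-cased extension of the suggested filename)."""
    msg = Message()
    msg["Content-Type"] = content_type
    if content_disposition:
        msg["Content-Disposition"] = content_disposition
    filename = msg.get_filename() or ""
    return msg.get_content_type(), os.path.splitext(filename)[1].lower()


def sniff(body):
    """Return a label if the body starts with a known executable signature."""
    for magic, label in EXEC_MAGIC.items():
        if body.startswith(magic):
            return label
    return None


def audit_response(content_type, content_disposition, body):
    """List every disagreement between the headers and the actual content."""
    mime, ext = parse_headers(content_type, content_disposition)
    kind = sniff(body)
    findings = []
    if kind and mime not in EXEC_TYPES:
        findings.append(f"body is a {kind} but Content-Type says {mime}")
    if kind and ext and ext not in EXEC_EXTS:
        findings.append(f"body is a {kind} but suggested filename ends in {ext}")
    if ext in EXEC_EXTS and mime not in EXEC_TYPES:
        findings.append(f"filename extension {ext} conflicts with Content-Type {mime}")
    return findings


if __name__ == "__main__":
    # Constructed sample response: text headers in front of an executable body.
    for finding in audit_response("text/plain", 'attachment; filename="readme.txt"',
                                  b"MZ\x90\x00\x03\x00"):
        print("ALERT:", finding)
```

The same function can run in a proxy or download scanner, where any non-empty result is a reason to block or quarantine the response.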
-
February 15th, 2002, 06:33 AM
#2
Isn't that the same as the "%%00" null byte bug?
I do remember someone posting about the null byte bug, which helps crackers/hackers fake the file names and extensions, but I don't remember where in THIS huge archive of threads.
Though I would think this vulnerability affects home users or network workstations more than corporate servers, since it's rare that an ADMIN would use the server to surf the internet.
Still it can contribute to the DDoS task of a cracker. Thanks for informing us.