|<<>>|235 of 265 Show listMobile Mode

Stop using IE Redux

Published by marco on

Slashdot is reporting a newly discovered security hole in Internet Explorer in Another Gaping Microsoft Security Hole Goes Unpatched.

Basically, it’s possible to create a link that will cause explorer to issue a download dialog asking whether you want to save the file or open it. The link would claim that the file was a text file or a PDF file, for example, leading you to possibly click to open it. However, once you tell IE to open it, it uses a different set of standards that would notice that the file was executable and execute instead, with no further checks.

No other browser does this. Choose one of those and start using it. :-) Below are some more technical descriptions of the bug.

<q>Files received via HTTP are supposed to be handled by examining the Content-Type header sent by the webserver − for instance, the Content-Type sent with this webpage is “text/html”, identifying it as a text (non-binary) document which is marked up with HTML. … IE handles files in an odd mish-mash of looking at the Content-Type sometimes for some purposes, looking at file extension sometimes for some purposes. … [It’s possible to] to feed it a Content-Type at odds with the file extension − the Content-Type may be innocuous, but the extension says “execute me”, so when the “integrated” IE engine gets ahold of it, the malicious content is automatically executed.</q>

Online Solutions reports in 2001-11-26 Security Note: File extensions spoofable in MSIE download dialog

<q>A piece of HTML can be used to cause a normal download dialog to pop up. The dialog would prompt the user to choose whether he/she wants to “open this file from its current location” or “save this file to disk”. The file name and extension may be anything the malicious website administrator (or a user having access there) wishes, e.g. README.TXT, index.html, or sample.wav. If the user chooses the first alternative, “open the file from its current location”, an .EXE application is actually run without any further dialogs. This happens even if downloading a normal .EXE file from the server causes a Security Warning dialog.</q>

Microsoft responded thusly:

<q>Microsoft was contacted on November 19th. The company doesn’t currently consider this is a vulnerability; they say that the trust decision should be based on the file source and not type.</q>

Copyright (c) 1999-2024 earthli.com. All Rights Reserved.
Powered by