Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development: Re: Automatic MIME type detection in Internet Explorer 6.x allowed

Re: Automatic MIME type detection in Internet Explorer 6.x allowed

From: Denis Jedig <seclists_at_syneticon.de>
Date: Thu, 03 Aug 2006 23:57:04 +0200

knight4vn_at_yahoo.com wrote:

> Automatic MIME type detection in Internet Explorer 6.x allowed
> downloading executable file automatically

If you change file headers to JPEGs, it's not an executable file any
more - that simple. Even if it were, "downloading" something and placing
it in temporary files is not a vulnerability. Executing it is, but this
can't happen with the described mechanisms.

Denis
Received on Aug 03 2006

This message: [ Message body ]
Next message: David Schwartz: "RE: Simple CMS"
Previous message: Volker Tanger: "Re: Simple CMS"
In reply to: knight4vn_at_yahoo.com: "Automatic MIME type detection in Internet Explorer 6.x allowed"
Next in thread: Thor Larholm: "Re: Automatic MIME type detection in Internet Explorer 6.x allowed"
Reply: Thor Larholm: "Re: Automatic MIME type detection in Internet Explorer 6.x allowed"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]