Vulnerability Development: Re: Automatic MIME type detection in Internet Explorer 6.x allowed

From: Denis Jedig <seclists_at_syneticon.de>
Date: Fri, 04 Aug 2006 20:54:43 +0200

Thor Larholm wrote:
> Denis Jedig wrote:
>
>> If you change file headers to JPEGs, it's not an executable file any
>> more - that simple.
>
> When the file headers are JPEG it's no longer an executable file - for
> that specific HTTP session of that specific IEXPLORE instance.

Well, it will carry on having JPEG headers for every instance of
IEXPLORE regardless of the HTTP sessions currently open. So how can this
be a security problem?

> Outside
> those constraints, you have still managed to plant an EXE file in a
> known/predictable location on the target system.

A file named EXE but not a valid executable in itself, right? I remember
there was some interesting work some months ago on header ambiguity but
I can't find the reference right now.

Regards,

Denis
Received on Aug 04 2006
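
Added example (not part of the original message or thread): a small check that compares what a file's name claims with what its leading bytes say, which is the distinction the exchange above turns on. The function names and the two sample byte strings are constructed for illustration.

```python
import struct

JPEG_SOI = b"\xff\xd8\xff"      # JPEG start-of-image marker
PE_SIG = b"PE\x00\x00"          # signature that e_lfanew must point at

def sniff_magic(data: bytes) -> str:
    """Classify content by its header bytes, ignoring the file name."""
    if data.startswith(JPEG_SOI):
        return "jpeg"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew (offset 0x3C in the DOS header) locates the PE signature
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == PE_SIG:
            return "pe"
        return "mz-stub"        # DOS header present, no valid PE signature
    return "unknown"

# What each extension claims the content to be (small illustrative map).
CLAIMS = {"exe": "pe", "dll": "pe", "jpg": "jpeg", "jpeg": "jpeg"}

def audit(name: str, data: bytes) -> dict:
    """Report whether the extension's claim matches the header bytes."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed = CLAIMS.get(ext)
    actual = sniff_magic(data)
    return {
        "name": name,
        "claimed": claimed,
        "actual": actual,
        "mismatch": claimed is not None and claimed != actual,
    }

# Constructed samples: a minimal DOS header whose e_lfanew points at a PE
# signature, and the first bytes of a JFIF stream.
PE_SAMPLE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + PE_SIG
JPEG_SAMPLE = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("cached.exe", JPEG_SAMPLE),
                       ("setup.exe", PE_SAMPLE),
                       ("photo.jpg", PE_SAMPLE)]:
        print(audit(name, blob))
```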
