Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development: Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed

Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed

From: <none_at_none.com>
Date: 10 Aug 2006 05:59:06 -0000

('binary' encoding is not supported, stored as-is) This was actually patched a while ago by Microsoft to the best of my knowlege(I tested it). However, this may be a tad different. In older versions it was possible to upload image files to say a message board or whatever say an avatar. But by placing javascript in any file with a .jpg extension made IE execute the javascript. This went public a few years ago I beleive and was only fixed a month or so ago.
Received on Aug 10 2006

This message: [ Message body ]
Next message: der wert: "Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed"
Previous message: SPI Labs: "Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper]"
Maybe in reply to: Denis Jedig: "Re: Automatic MIME type detection in Internet Explorer 6.x allowed"
Next in thread: der wert: "Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]