Wednesday, December 01, 2004

Cyber Security Bulletin SB04-336

Microsoft Internet Explorer 'Save Picture As' Image Download Spoofing


System affected
Microsoft
Internet Explorer 6.0 with Windows XP SP2

A vulnerability exists which can be exploited by malicious people to trick users into downloading malicious files. The vulnerability is caused by Internet Explorer using the file extension from the URL's filename when saving images with the 'Save Picture As' command, and also stripping the last file extension if multiple file extensions exist. This can be exploited by a malicious web site to cause a valid image with malicious, embedded script code to be saved with an arbitrary file extension.

Workaround: Disable the 'Hide extension for known file types' option and add the proper extension to the file name in the File name box when saving.
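The condition the workaround addresses is a saved file whose extension does not match what the bytes actually are, or whose name carries more than one extension. The following check, added here as an illustration and not part of the bulletin or of Internet Explorer, sniffs the image signature of a saved file and flags either situation; the signature table and sample inputs are constructed for the example.

```python
import os

# Image signatures (magic bytes) and the extensions they legitimately use.
# Table constructed for this example; it covers common formats a browser saves.
IMAGE_SIGNATURES = {
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"GIF87a": {".gif"},
    b"GIF89a": {".gif"},
    b"BM": {".bmp"},
}


def sniff_image_type(data: bytes):
    """Return the set of valid extensions for the image signature, or None."""
    for magic, exts in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return exts
    return None


def check_saved_image(filename: str, data: bytes) -> list:
    """Return a list of findings for a file that was saved as an image."""
    findings = []
    base = os.path.basename(filename)
    parts = base.split(".")
    # More than one extension in the name (e.g. "image.hta.jpg") is the
    # pattern the bulletin describes and deserves a second look on its own.
    if len(parts) > 2:
        findings.append("multiple extensions: " + base)
    ext = ("." + parts[-1].lower()) if len(parts) > 1 else ""
    exts = sniff_image_type(data)
    if exts is None:
        findings.append("content is not a recognised image format")
    elif ext not in exts:
        findings.append(f"extension {ext or '(none)'} does not match image content")
    return findings


if __name__ == "__main__":
    # Constructed sample: a valid GIF header saved under a non-image extension.
    for name, blob in [("photo.gif", b"GIF89a\x00"), ("photo.hta", b"GIF89a\x00")]:
        print(name, check_saved_image(name, blob) or ["ok"])
```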

A Proof of Concept exploit has been published.

Secunia Advisory ID, SA13317, November 26, 2004
