Secunia Security Advisory - cyber flash has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to bypass a security feature in Microsoft Windows XP SP2 and trick users into downloading malicious files.
e5045e765f5620e40be7400c96987a38ac99f4efa59cbb8f0b8fbaee14baf687
TITLE:
Microsoft Internet Explorer Two Vulnerabilities
SECUNIA ADVISORY ID:
SA13203
VERIFY ADVISORY:
http://secunia.com/advisories/13203/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Spoofing
WHERE:
>From remote
SOFTWARE:
Microsoft Internet Explorer 6
http://secunia.com/product/11/
DESCRIPTION:
cyber flash has discovered two vulnerabilities in Internet Explorer,
which can be exploited by malicious people to bypass a security
feature in Microsoft Windows XP SP2 and trick users into downloading
malicious files.
1) Microsoft Windows XP SP2 has a security feature which warns users
when opening downloaded files of certain types. The problem is that
if the downloaded file was sent with a specially crafted
"Content-Location" HTTP header in some situations, then no security
warning will be given to the user when the file is opened.
2) An error when saving some documents using the Javascript function
"execCommand()", can be exploited to spoof the file extension in the
"Save HTML Document" dialog.
Successful exploitation requires that the option "Hide extension for
known file types" is enabled (default setting).
A combination of vulnerability 1 and 2 can be exploited by a
malicious website to trick a user into downloading a malicious
executable file masqueraded as a HTML document.
The vulnerabilities have been confirmed on a fully patched system
with Internet Explorer 6.0 and Microsoft Windows XP SP2.
SOLUTION:
Disable Active Scripting support and the "Hide extension for known
file types" option.
PROVIDED AND/OR DISCOVERED BY:
cyber flash
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------