Hi,
FYI, in case you are short of arguments to convince your friends
to install an "alternate" browser.NextGen$
--- Begin Message ---Automatic MIME type detection in Internet Explorer 6.x allowed downloading executable file automatically +Background: What's Internet Explorer automatic MIME type detection? - This feature was included in IE to detect exactly MIME type from file on server sending to browser by using FindMimeFromData method. +Description: - I've found out that using Automatic MIME type detection, we can force IE to download any file (including excutable file) without user's knowledge by causing IE treat executable file as a image (jpg,gif..). Thus, IE automatically download the file regardless of the file type, and save it in "Temporary Internet Files" folder when user visit attacker's website. +Exploitation: - Force user to download any executable files: _ Create a file named "app.exe" with a head body contained any jpg file content to force IE MIME type detection recognize it as a image file. _ When user browse the website which contained the file we've just created. IE simply treat it as a image so it automatically save that file in Temporary folder. * This exploit can be found here: Open this link: http://sendmailplus.com/knight4vn/app1.exe Open this link: http://sendmailplus.com/knight4vn/app2.exe After that, check the appearance of "app1.exe" "app2.exe" in your "Temporary internet folder". - IE treat malicious javascript as a image: * This exploit can be found here: http://www.sendmailplus.com/knight4vn/js.gif http://www.sendmailplus.com/knight4vn/js.jpg http://www.sendmailplus.com/knight4vn/js.png Discovered by: Knight Commander ([EMAIL PROTECTED], [EMAIL PROTECTED])
--- End Message ---
signature.asc
Description: Digital signature
_______________________________________________ chat mailing list [email protected] Archived: http://news.gmane.org/gmane.network.freenet.general Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/chat Or mailto:[EMAIL PROTECTED]
