 |
| | HOMEPAGE | INDICE FORUM | REGOLAMENTO | ::. | NEI PREFERITI | .:: | RSS Forum | RSS News | NEWS web | NEWS software | |
| | PUBBLICITA' | | | ARTICOLI | WIN XP | VISTA | WIN 7 | REGISTRI | SOFTWARE | MANUALI | RECENSIONI | LINUX | HUMOR | HARDWARE | DOWNLOAD | | | CERCA nel FORUM » | |
29-11-2004, 17.41.12
|
#1 |
|
Gold Member
Top Poster
Registrato: 26-08-2000
Loc.: tokyo city
Messaggi: 8.374
 |
Microsoft Internet Explorer "Save Picture As" Image Download Spoofing
The vulnerability is caused due to Internet Explorer using the file extension from the URL's filename when saving images with the "Save Picture As" command and also strips the last file extension if multiple file extensions exist. This can be exploited by a malicious web site to cause a valid image with malicious, embedded script code to be saved with an arbitrary file extension. Successful exploitation may allow a malicious web site to trick users into downloading e.g. a malicious HTML Application (.hta) masqueraded as a valid image. However, exploitation requires that the option "Hide extension for known file types" is enabled (default setting). The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Leggi: http://secunia.com/advisories/13317/ |
|
|
 |
| Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti) | |
| Strumenti discussione | |
|
|
Discussioni simili
|
||||
| Discussione | Autore discussione | Forum | Risposte | Ultimo messaggio |
| [*BUNTU] problema riproduzione video con aixgl | Paramir | Linux e altri Sistemi Operativi | 5 | 30-11-2006 14.35.43 |
| Microsoft Internet Explorer Two Vulnerabilities | Giorgius | Sicurezza&Privacy | 0 | 21-10-2004 02.48.17 |
| Microsoft Patches | Gervy | Archivio News Web | 0 | 12-10-2004 22.58.39 |
| Download con Internet Explorer | jim281 | Windows 7/Vista/XP/ 2003 | 6 | 26-09-2004 12.52.44 |
| Grosso problema con Internet Explorer | aspide | Software applicativo | 3 | 03-09-2003 21.26.14 |
