posted on Thursday, November 18, 2004 10:16 AM
by
demiliani
IE flaws again
Two new Internet Explorer vulnerabilities are discovered and they can be exploited by malicious people to bypass the security features in Microsoft Windows XP SP2.
According to Secunia, the flaws are:
1) Microsoft Windows XP SP2 has a security feature which warns users when opening downloaded files of certain types. If the downloaded file was sent with a specially crafted "Content-Location" HTTP header, in some situations no security warning will be given to the user when the file is opened.
2) An error when saving some documents using the Javascript function "execCommand()", can be exploited to spoof the file extension in the "Save HTML Document" dialog.
Successful exploitation requires that the option "Hide extension for known file types" is enabled (default setting) and a combination of vulnerability 1 and 2 can be exploited by a malicious website to trick a user into downloading a malicious executable file masqueraded as a HTML document.
For the moment there are no patches available, but the solution could be disable Active Scripting support and the "Hide extension for known file types" option.