Microsoft Internet Explorer 5.5 - CLSID File Execution

2001-04-17T00:00:00
ID EXPLOITPACK:1F8C8F5C5892BD028B576E2F3FDD530E
Type exploitpack
Reporter Georgi Guninski
Modified 2001-04-17T00:00:00

Description

Microsoft Internet Explorer 5.5 - CLSID File Execution

                                        
                                            source: https://www.securityfocus.com/bid/2612/info

The default operation performed to open a filetype is determining by referencing the filetype's CLSID. Due to a flaw in the interpretation of CLSIDs when appended to a filename, it is possible to specify a different default action for a given file than would normally be used. As a result, seemingly harmless files (.txt, .jpg etc) may be opened in a nonstandard, attacker specified manner. For example, a program ("evil.exe") could be renamed "evil.jpg.{CLSID_of_executables}" and when opened by the target user, this file will be executed instead of opened by their default .jpg viewer. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/20774.zip