Microsoft IE Automatic MIME Detection Weakness

2005-08-09T05:52:17
ID OSVDB:19024
Type osvdb
Reporter Seth Fogie(contact@airscanner.com)
Modified 2005-08-09T05:52:17

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw related to the its MIME type detection feature that may allow an attacker to trick a user to access of a file of different mime type. For example, a user could be tricked in opening a html file containing JavaScript, but thinks he is opening a jpg file.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft Internet Explorer contains a flaw related to the its MIME type detection feature that may allow an attacker to trick a user to access of a file of different mime type. For example, a user could be tricked in opening a html file containing JavaScript, but thinks he is opening a jpg file.

References:

Vendor URL: http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker/overview/appendix_a.asp Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0231.html Keyword: Airscanner Mobile Security Advisory #05080501 Generic Exploit URL: http://www.airscanner.com/security/images/IE_MIME.jpg