Microsoft IE File Download Extension Spoofing

2004-07-13T16:45:54
ID OSVDB:7802
Type osvdb
Reporter http-equiv(http-equiv@excite.com )
Modified 2004-07-13T16:45:54

Description

Vulnerability Description

Internet Explorer (IE) contains a flaw that may allow a malicious user to spoof the file extension of downloaded files. The issue is triggered when a remote attacker embeds a class specifier (CLSID) in the file name of a malicious file, which causes IE open the file with a different application than what the file type specifies. By tricking a user into downloading a malicious file with the spoofed trusted file extension, a remote attacker can execute arbitrary code on the user's system, resulting in a loss of confidentiality, integrity and availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Internet Explorer (IE) contains a flaw that may allow a malicious user to spoof the file extension of downloaded files. The issue is triggered when a remote attacker embeds a class specifier (CLSID) in the file name of a malicious file, which causes IE open the file with a different application than what the file type specifies. By tricking a user into downloading a malicious file with the spoofed trusted file extension, a remote attacker can execute arbitrary code on the user's system, resulting in a loss of confidentiality, integrity and availability.

References:

Secunia Advisory ID:12058 Secunia Advisory ID:10736 Related OSVDB ID: 3738 Microsoft Security Bulletin: MS04-024 Microsoft Knowledge Base Article: 839645 Generic Exploit URL: http://www.malware.com/gooroo.html CVE-2004-0420 Bugtraq ID: 9510