Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005
CVE: CVE-2001-0727
BID: 3578
OSVDB: 3033

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Using a null byte (%00) in the filename field found in the Content-disposition header, a remote web server may be able to disguise the content type of a downloaded file, leading to code execution. If “inline” is specified in the Content-disposition header, command execution could automatically occur without any user interaction.

Resolution

Install the patch referenced in Microsoft Security Bulletin 01-058.

References

<http://archives.neohapsis.com/archives/bugtraq/2002-01/0177.html&gt;

Limitations

This exploit requires a user on the affected system to follow a link to the exploit using Internet Explorer.

Platforms

Windows