Vulnerability: IE file download extension spoofing
- 29 January, 2004 09:32
Secunia Security Advisories notes http-equiv of Malware has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.
“The problem is that Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension...This could be exploited to trick users into opening ‘trusted’ file types which are in fact malicious files.”
The vulnerability affects Microsoft Internet Explorer 6.
For more, go to: http://www.secunia.com/advisories/10736/