Fresh Bug Found In IE



sharedholder
01-28-2004, 07:28 PM
Fresh bug found in Internet Explorer
A BUG IN Internet Explorer 6 can bypass security in a moderately critical way, a bulletin from Secunia said today.
The bug, first identified by http-equiv, lets wicked souls spoof the file extension of downloadable files. That means that applications can be run, and that's done by embedding a CLSID in the file name.

The problem might apply to other versions of IE, as well.

Secunia has created an online test for you to see if you're vulnerable to the security vulnerability, and you can find that here. Oops. Our IE is vulnerable...

According to Secunia, the answer to the probbo is not to use "open file" but always save files to a folder, as that way you can spot suspect filenames.

http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/

Get Firebird awarded 2003 (http://www.klitetools.com/Hallof.html) :)
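A defensive check for the condition the bulletin describes (a CLSID embedded in a download's file name), added here as an example that is not part of the original post or of Secunia's test. The function names, the sample names and the all-zero CLSID are constructed placeholders, and the check only assumes that a CLSID appears in its usual braced GUID form.

```python
import re
from urllib.parse import unquote

# Braced GUID, the textual form of a CLSID: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)

def inspect_download_name(raw_name):
    """Return a finding dict if the file name embeds a CLSID, else None."""
    # Names taken from URLs or headers may be percent-encoded (%7B ... %7D).
    name = unquote(raw_name)
    match = CLSID_RE.search(name)
    if match is None:
        return None
    # The extension a user would read off the name: text after the last dot.
    shown = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return {
        "name": name,
        "clsid": match.group(0).upper(),
        "shown_extension": shown,
    }

def scan(names):
    """Inspect many names (e.g. from proxy logs) and keep only the findings."""
    return [f for f in map(inspect_download_name, names) if f is not None]

# Constructed sample input; the all-zero CLSID is a placeholder, not a real class.
SAMPLE_NAMES = [
    "report.pdf",
    "setup.exe",
    "holiday.%7B00000000-0000-0000-0000-000000000000%7D.pdf",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_NAMES):
        print("embedded CLSID:", finding)
```
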

{I}{K}{E}
01-28-2004, 08:02 PM
nice to make .exe viruses and show them as .htm files <_<

{I}{K}{E}

shn
01-28-2004, 08:09 PM
heheh. Firebird is the shiznit :D

nanotek
01-28-2004, 08:47 PM
hehe im righting this post using firebird :P

h1
01-28-2004, 10:20 PM
hehe. ms sucks.

{I}{K}{E}
01-28-2004, 10:24 PM
Originally posted by haxor41789@28 January 2004 - 22:20
hehe. ms sucks.
why do they suck? I bet you are using MS software right now <_<

{I}{K}{E}

Rip The Jacker
01-28-2004, 10:32 PM
Opera all the way. B)

h1
01-28-2004, 10:36 PM
Originally posted by {I}{K}{E}@28 January 2004 - 23:24
Originally posted by haxor41789@28 January 2004 - 22:20
hehe. ms sucks.
why do they suck? I bet you are using MS software right now <_<

{I}{K}{E}
Wrong. I'm using Firebird/Linux.

And I don't mean to disrespect you IKE, but Windows' original GUI was ripped from Steve Jobs'.

Agreed, Microsoft revolutionized personal computing, but those days were over a long time ago.

edit: IKE, you removed part of your post. :)

Smurfette
01-28-2004, 10:39 PM
Originally posted by nanotek@28 January 2004 - 20:47
hehe im righting this post using firebird :P
That means I'm wronging my own using IE6.

Originally posted by sharedholder@28 January 2004 - 19:28
According to Secunia, the answer to the probbo is not to use "open file" but always save files to a folder, as that way you can spot suspect filenames
I have cleaned many computers of pr0n-dialers and various other shit for people because a box pops up asking Do you want to install and run youmustclickyestothisrequestertogetfreeaccesstowhateveritisyouarelookingfor from www.dodgyproggy.ru... and the fucking numpties head for the YES button like it's gonna end world hunger or summat.
For this reason, I expect this new method of spreading viruses to become pretty popular.

{I}{K}{E}
01-28-2004, 10:41 PM
Originally posted by haxor41789@28 January 2004 - 22:36
edit: IKE, you removed part of your post. :)
yes I did, because I didn't want to go off-topic.

LOL must say I was wrong there :P

good point haxor41789


{I}{K}{E}

shn
01-28-2004, 10:58 PM
Originally posted by Smurfette@28 January 2004 - 16:39
Originally posted by nanotek@28 January 2004 - 20:47
hehe im righting this post using firebird :P
That means I'm wronging my own using IE6.

Originally posted by sharedholder@28 January 2004 - 19:28
According to Secunia, the answer to the probbo is not to use "open file" but always save files to a folder, as that way you can spot suspect filenames
I have cleaned many computers of pr0n-dialers and various other shit for people because a box pops up asking Do you want to install and run youmustclickyestothisrequestertogetfreeaccesstowhateveritisyouarelookingfor from www.dodgyproggy.ru... and the fucking numpties head for the YES button like it's gonna end world hunger or summat.
For this reason, I expect this new method of spreading viruses to become pretty popular.
Don't try to make any excuses.................it's a bug, plain and simple and you ie users, probably yourie2 browser as well will just have to live with it until something is done about it.

Btw, your claims have no merit. A normal home user does not know the difference of what a file is capable of doing.

For instance, even if they took your advice and "saved as" instead of opening it right then and there it will still show up as the file type. I speak in accordance with actual topic meaning I actually tried this in ie and other browsers as well. Even in ie the file type was still pdf once it was saved. Firebird automatically attached the html to it before it even downloaded it.

So you tell me..............do you actually think a regular non power user is going to check the file type even after it's saved?

No need to answer, it's NO. They're going to double click it like a dumb ass and even though this time it was pdf.html, next it will be fakefilename.exe and BAM.................infected! :smilie4:

Smurfette
01-28-2004, 11:14 PM
Originally posted by shn@28 January 2004 - 22:58
Originally posted by Smurfette@28 January 2004 - 16:39
Originally posted by nanotek@28 January 2004 - 20:47
hehe im righting this post using firebird :P
That means I'm wronging my own using IE6.

Originally posted by sharedholder@28 January 2004 - 19:28
According to Secunia, the answer to the probbo is not to use "open file" but always save files to a folder, as that way you can spot suspect filenames
I have cleaned many computers of pr0n-dialers and various other shit for people because a box pops up asking Do you want to install and run youmustclickyestothisrequestertogetfreeaccesstowhateveritisyouarelookingfor from www.dodgyproggy.ru... and the fucking numpties head for the YES button like it's gonna end world hunger or summat.
For this reason, I expect this new method of spreading viruses to become pretty popular.
Don't try to make any excuses.................it's a bug, plain and simple and you ie users, probably yourie2 browser as well will just have to live with it until something is done about it.

Btw, your claims have no merit. A normal home user does not know the difference of what a file is capable of doing.

For instance, even if they took your advice and "saved as" instead of opening it right then and there it will still show up as the file type. I speak in accordance with actual topic meaning I actually tried this in ie and other browsers as well. Even in ie the file type was still pdf once it was saved. Firebird automatically attached the html to it before it even downloaded it.

So you tell me..............do you actually think a regular non power user is going to check the file type even after it's saved?

No need to answer, it's NO. They're going to double click it like a dumb ass and even though this time it was pdf.html, next it will be fakefilename.exe and BAM.................infected! :smilie4:
LOL You are making a habit of misinterpreting my posts. :)

I agree with everything you say.

Like I said - I have cleaned out a lot of computers for people that don't know what's happening, trust everyone, don't check anything out, and thus are prime targets for this sort of attack.