Fresh bug found in Internet Explorer
A BUG IN Internet Explorer 6 can bypass security in a moderately critical way, a bulletin from Secunia said today.
The bug, first identified by http-equiv, lets wicked souls spoof the file extension of downloadable files. That means that applications can be run, and that's done by embedding a CLSID in the file name.
The problem might apply to other versions of IE, as well.
Secunia has created an online test for you to see if you're vulnerable to the security vulnerability, and you can find that here. Oops. Our IE is vulnerable...
According to Secunia, the answer to the probbo is not to use "open file" but always save files to a folder, as that way you can spot suspect filenames
http://secunia.com/Internet_Explorer_File_..._Spoofing_Test/
Get Firebird awarded 2003
Bookmarks