Internet Explorer - Crafted URL strings may bypass security controls for EXE files
Posted Tuesday, October 16, 2007 6:12 PM by hwaldron
Some recent discoveries have been posted showing that special strings placed after the URL address may bypass some of the security checking. As noted in the posts below, a special URL string may be crafted that bypasses the warning prompt to the user and loads an EXE file automatically. Users should continue to be careful with URLs in email, websites, etc. and keep AV protection updated.
Internet Explorer - Special URL strings may bypass security controls for EXE files
http://aviv.raffon.net/2007/10/15/BackFromTheDead.aspx
http://www.securityfocus.com/archive/1/482220/30/0/threaded
QUOTE: Sometimes it is nice to see old vulnerabilities come back from the dead. This time I'm referring to a vulnerability in Internet Explorer that was discovered almost 3 years ago by cyber_flash. The vulnerability allows an attacker to bypass the security download warning dialog, and display a regular save file dialog, by manipulating IE into displaying an executable file (a file with .exe extension) as a regular html file. While this vulnerability was partially patched by Microsoft in IE7, it still remained unpatched in IE6 SP2.