playing for fun with <=IE7 Oct 12 2007 08:34PM
laurent gaffie gmail com (3 replies)
playing for fun with <=IE7

Impact: who knows ...

Fix Available: no


1) Bug

2) Proof of concept



1) Bug


it's possible to bypass the extension filter of <=IE7 this can result by downloading

an arbitrary exe file


2)proof of concept


let's take this exemple :


this is simply putty .

you click on this and then you will be prompted for downloading the file.

but what about if we do :


... the .exe is showed.

now let's go a bit ahead :


wow my .exe is downloaded directly and located in temporary files ( and """opened""" by windows media player).

works with theses extension :











etc ...


5) Conclusion


this is very funny , because actually it only works for .exe extensions.

.COM , .PIF , etc you CANT do this. ( overwrite the extension , and then bypass the filter)

i guess we can wonder what the heck.

regards laurent gaffié

[ reply ]
RE: playing for fun with <=IE7 Oct 15 2007 10:21PM
avivra (avivra gmail com)
RE: playing for fun with <=IE7 Oct 15 2007 07:39PM
James C. Slora Jr. (james slora phra com)
RE: playing for fun with <=IE7 Oct 13 2007 06:05PM
Roger A. Grimes (roger banneretcs com)


Privacy Statement
Copyright 2010, SecurityFocus