Vuln Dev
Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed Aug 10 2006 05:59AM
none none com
This was actually patched a while ago by Microsoft to the best of my knowlege(I tested it). However, this may be a tad different. In older versions it was possible to upload image files to say a message board or whatever say an avatar. But by placing javascript in any file with a .jpg extension made IE execute the javascript. This went public a few years ago I beleive and was only fixed a month or so ago.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus