Vuln Dev
Re: Re: Automatic MIME type detection in Internet Explorer 6.x allowed Aug 10 2006 10:22PM
der wert (derwert hotmail com)
This is a completely different issue, the one you speak of about the jpg
file, what it was was a gif header in a .jpg file with javascript after it,
and I just tried it and it is still unpatched, but none the less a different
issue

D

On 10 Aug 2006 05:59:06 -0000, none (at) none (dot) com [email concealed] <none (at) none (dot) com [email concealed]> wrote:
>This was actually patched a while ago by Microsoft to the best of my
>knowlege(I tested it). However, this may be a tad different. In older
>versions it was possible to upload image files to say a message board or
>whatever say an avatar. But by placing javascript in any file with a .jpg
>extension made IE execute the javascript. This went public a few years ago
>I beleive and was only fixed a month or so ago.
>

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus