Microsoft Internet Explorer Arbitrary HTML File Execution Vulnerability

An HTML parser feature included in Internet Explorer could allow malicious script, included in a HTML file that is saved as another file type, to execute upon attempting to open the file.

For example, if a file has a .gif, .txt, or .jpg etc. file extension, and it contains HTML tags along with arbitrary script. IE will detect the content type and not open the file according to the extension, it will be opened as an HTML file. Possibly allowing the execution of the arbitrary script.


 

Privacy Statement
Copyright 2010, SecurityFocus