Microsoft Internet Explorer Content-Type Field Arbitrary File Execution Vulnerability

Microsoft Internet Explorer Content-Type Field Arbitrary File Execution Vulnerability

Microsoft Internet Explorer uses the Content-Type HTML header field to determine how to handle a file when downloading it from a website.

A flaw exists in the way that Internet Explorer processes the Content-Type field. It would be possible to create a Content-Type field that would allow a file to be downloaded to the user's system and automatically executed with the appropriate application.

It is important to note that since Microsoft Outlook and Outlook Express use Internet Explorer to interpret HTML email messages, this vulnerability could also be exploited through HTML email or newsgroup postings.