Microsoft Windows Shell CLSID File Extension Misrepresentation Vulnerability

A vulnerability has been reported in the Windows Shell that may allow files to be misrepresented to client users. The reported vulnerability involves specifying the CLSID for HTML applications in the name of a malicious file, followed by another file name and extension.

This issue could be exploited to disguise executable content in the form of an HTML application (HTA) file as a file type that may appear innocuous to a victim user, such as a media file. The file will appear to be of an attacker-specified type in the file download dialog presented to the user. The user may then download/open that file under the assumption it is safe, which could result in execution of malicious code on the client system in the context of the victim user. A proof-of-concept was released which creates an embedded web interface to play a media file, which could further convince the user to open the malicious HTML application.


Privacy Statement
Copyright 2010, SecurityFocus