When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft Internet Explorer Two Vulnerabilities

cyber flash has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to bypass a security feature in Microsoft Windows XP SP2 and trick users into downloading malicious files.

Details

  • Microsoft Windows XP SP2 has a security feature which warns users when opening downloaded files of certain types. The problem is that if the downloaded file was sent with a specially crafted "Content-Location" HTTP header in some situations, then no security warning will be given to the user when the file is opened.

  • An error when saving some documents using the Javascript function "execCommand()", can be exploited to spoof the file extension in the "Save HTML Document" dialog.
Solution:
  • Disable Active Scripting support and the "Hide extension for known file types" option.
News source: Secunia
Report a problem with article
Next Article

Avant Browser 10.0 Build 033

Previous Article

Try scratching this DVD