playing for fun with <=IE7

Risk: Medium
Local: Yes
Remote: Yes

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

playing for fun with <=IE7 Impact: who knows ... Fix Available: no ------------------------------------------------------- 1) Bug 2) Proof of concept 3)Conclusion ====== 1) Bug ====== it's possible to bypass the extension filter of <=IE7 this can result by downloading an arbitrary exe file ===== 2)proof of concept ===== let's take this exemple : this is simply putty . you click on this and then you will be prompted for downloading the file. but what about if we do : ... the .exe is showed. now let's go a bit ahead : wow my .exe is downloaded directly and located in temporary files ( and """opened""" by windows media player). works with theses extension : .log .dif .sol .htt .itpc .itms .dvr-ms .dib .asf .tif etc ... ===== 5) Conclusion ===== this is very funny , because actually it only works for .exe extensions. .COM , .PIF , etc you CANT do this. ( overwrite the extension , and then bypass the filter) i guess we can wonder what the heck. regards laurent gaffi

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023,


Back to Top