Reported November 17, 2004, by cyber flash
VERSIONS AFFECTED
DESCRIPTION
Two vulnerabilities have been discovered in IE that can be used to bypass a
security feature in Windows XP Service Pack 2 (SP2) and trick users into
downloading malicious files. These two vulnerabilities are:
Successful exploitation requires that the option "Hide extension for
known file types" is enabled (default setting). A malicious Web site can combine
these two vulnerabilities to trick a user into downloading a malicious
executable file masquerading as an HTML document.
VENDOR RESPONSE
Microsoft has not released a fix or bulletin that addresses this vulnerability.
CREDIT
Discovered by cyber flash.