Secunia has issued a ‘Moderately critical’ advisory following the discovery of a fresh download spoofing vulnerability in Internet Explorer (prior versions may also be affected). The solution is to always save files to a folder, rather than choosing ‘Open’, because saving reveals the suspicious filename:
http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files. The problem is that Internet Explorer can be tricked into opening a file with a different application than indicated by the file extension. This can be done by embedding a CLSID in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files.
Secunia has created an online test:
http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/
Secunia
Internet Explorer File Download Extension Spoofing
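Because the advisory attributes the spoofing to a CLSID embedded in the file name, a proxy or mail gateway can flag such names before a user ever sees the download dialog. The following Python filter is an added example, not code from Secunia or the original post; the function names, the sample names and the all-zero placeholder CLSID are constructed for illustration.

```python
import os
import re
from urllib.parse import unquote

# A CLSID in registry form: {8-4-4-4-12 hex digits}
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}")


def decode_fully(name, max_rounds=3):
    """Percent-decode repeatedly so %7B...%7D and double-encoded braces are seen."""
    for _ in range(max_rounds):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    return name


def check_download_name(raw_name):
    """Return a finding dict if the download name embeds a CLSID, else None."""
    name = decode_fully(raw_name)
    name = re.split(r"[\\/]", name)[-1]          # keep only the last path component
    match = CLSID_RE.search(name)
    if match is None:
        return None
    # The extension a user would believe: the name with the CLSID stripped out.
    visible = CLSID_RE.sub("", name).rstrip(".")
    shown_ext = os.path.splitext(visible)[1].lower()
    return {"name": name, "clsid": match.group(0).upper(), "shown_extension": shown_ext}


def scan(names):
    """Check every name and return only the findings."""
    return [f for f in (check_download_name(n) for n in names) if f]


# Constructed sample names, as they might appear in a proxy log.
SAMPLE_NAMES = [
    "invoice.pdf",
    "notes{draft}.txt",
    "/files/report.%7B00000000-0000-0000-0000-000000000000%7D.pdf",
    "song.mp3.%257B00000000-0000-0000-0000-000000000000%257D",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_NAMES):
        print("CLSID in download name:", finding)
```

Any hit is worth blocking or quarantining outright, since legitimate downloads have no reason to carry a CLSID in their name.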

