Re: Automatic MIME type detection in Internet Explorer 6.x allowed

From: Denis Jedig (seclistssyneticon.de)
Date: Fri Aug 04 2006 - 13:54:43 CDT


Thor Larholm wrote:
> Denis Jedig wrote:
>
>> If you change file headers to JPEGs, it's not an executable file any
>> more - that simple.
>
> When the file headers are JPEG it's no longer an executable file - for
> that specific HTTP session of that specific IEXPLORE instance.

Well, it will carry on having JPEG headers for every instance of
IEXPLORE regardless of the HTTP sessions currently open. So how can this
be a security problem?

> Outside
> those constraints, you have still managed to plant an EXE file in a
> known/predictable location on the target system.

A file named EXE but not a valid executable in itself, right? I remember
there was some interesting work some months ago on header ambiguity but
I can't find the reference right now.

Regards,

Denis
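
The question argued in this message, whether a file named .exe that carries JPEG headers is an executable at all, can be checked by content rather than by name. The following is an added example, not part of the original thread: it compares a file's extension with what its leading bytes say (JPEG SOI marker versus an MZ header whose `e_lfanew` field points at a `PE\0\0` signature). The function names, the extension table and the sample bytes are constructed for illustration.

```python
import struct
from pathlib import PurePath

# Assumed mapping from extension to the content type it claims (illustrative).
EXT_TYPES = {".exe": "pe", ".dll": "pe", ".jpg": "jpeg", ".jpeg": "jpeg"}

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    # JPEG: SOI marker FF D8 followed by the FF that starts the next marker.
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    # PE: DOS header "MZ"; the dword at 0x3C (e_lfanew) locates "PE\0\0".
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
        return "mz-only"  # DOS header without a reachable PE signature
    return "unknown"

def audit(name: str, data: bytes) -> dict:
    """Report what the extension claims, what the bytes say, and any mismatch."""
    declared = EXT_TYPES.get(PurePath(name).suffix.lower(), "unknown")
    detected = sniff(data)
    return {"name": name, "declared": declared, "detected": detected,
            "mismatch": declared != "unknown" and declared != detected}

def sample_pe() -> bytes:
    """Constructed minimal header: MZ, e_lfanew = 0x40, then the PE signature."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20

# Constructed JFIF-style header followed by filler bytes.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

# Constructed cases: honest JPEG, honest PE, and a .exe name over JPEG bytes.
SAMPLES = [("photo.jpg", SAMPLE_JPEG),
           ("setup.exe", sample_pe()),
           ("cached.exe", SAMPLE_JPEG)]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(audit(name, data))
```

A leading-bytes check reports only what the start of the file looks like; it does not rule out a file that parses as more than one format, which is the header ambiguity mentioned in the message.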