![]() ![]() Microsoft Windows 2000 Professional SP2.Microsoft Windows 2000 Professional SP1.Microsoft Windows 2000 Datacenter Server.Microsoft Windows 2000 Datacenter Server SP4.Microsoft Windows 2000 Datacenter Server SP3.Microsoft Windows 2000 Datacenter Server SP2.Microsoft Windows 2000 Datacenter Server SP1.Microsoft Windows 2000 Advanced Server SP4.Microsoft Windows 2000 Advanced Server SP3.Microsoft Windows 2000 Advanced Server SP2.Microsoft Windows 2000 Advanced Server SP1.A proof-of-concept was released which creates an embedded web interface to play a media file, which could further convince the user to open the malicious HTML application. The user may then download/open that file under the assumption it is safe, which could result in execution of malicious code on the client system in the context of the victim user. ![]() The file will appear to be of an attacker-specified type in the file download dialog presented to the user. This issue could be exploited to disguise executable content in the form of an HTML application (HTA) file as a file type that may appear innocuous to a victim user, such as a media file. The reported vulnerability involves specifying the CLSID for HTML applications in the name of a malicious file, followed by another file name and extension. Extended DescriptionĪ vulnerability has been reported in the Windows Shell that may allow files to be misrepresented to client users. A successful attack can lead to allow a malicious user to spoof the file extension of downloaded files. This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. HTTP: Microsoft IE File Download Extension Spoofing Microsoft IE File Download Extension Spoofing ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |