VULHUB ™

It has been reported that Microsoft Internet Explorer may be prone to a vulnerability when handling file URIs that may be exploited to download a malicious file to the client system. It has been reported that by renaming a file, an attacker may be able to trick the browser, bypassing the security warning. An attacker may name a file in the following format to conceal the extension type from the browser: http://www.example.com/file.exe?.html Successful exploitation of this issue may allow an attacker to plant malicious files on vulnerable systems in order to execute malicious code. This issue has reportedly been tested with Microsoft Internet Explorer running on a Windows 2003 Web Server edition platform, however, other versions are likely to be affected as well.

It has been reported that Microsoft Internet Explorer may be prone to a vulnerability when handling file URIs that may be exploited to download a malicious file to the client system. It has been reported that by renaming a file, an attacker may be able to trick the browser, bypassing the security warning. An attacker may name a file in the following format to conceal the extension type from the browser: http://www.example.com/file.exe?.html Successful exploitation of this issue may allow an attacker to plant malicious files on vulnerable systems in order to execute malicious code. This issue has reportedly been tested with Microsoft Internet Explorer running on a Windows 2003 Web Server edition platform, however, other versions are likely to be affected as well.