A malicious webmaster hosting files on a website can spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt file (or another seemingly harmless file type) in the Download dialog. When a certain string of characters is included between the filename and the actual file extension, IE displays the specified misleading file extension. As a result, a malicious webmaster can entice a user to open or save arbitrary files to their local system.

* It has been reported that patched systems may still be vulnerable to this issue. If the attacker composes a .hta file using the methods described above, the malicious file may go undetected by patched systems.
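A download-gateway heuristic for the pattern described above, as an added example that is not part of the original advisory: it flags offered filenames whose real (final) extension is executable while a harmless-looking extension or filler characters precede it. The extension lists, reason codes and sample names are assumptions constructed for illustration; the advisory does not give the exact character string, and none is assumed here.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumed policy lists for this example; tune them to the local environment.
EXECUTABLE_EXTS = {"exe", "hta", "com", "scr", "pif", "bat", "cmd"}
DECOY_EXTS = {"txt", "jpg", "gif", "pdf", "doc", "htm", "html", "mp3"}

# An extension-like token: a dot, 1-5 alphanumerics, then a non-alphanumeric or end.
EXT_TOKEN = re.compile(r"\.([A-Za-z0-9]{1,5})(?![A-Za-z0-9])")


def inspect_download_name(raw_name):
    """Return reason codes for a suspicious offered filename (empty list = clean).

    raw_name is the filename as sent by the server (URL path segment or
    Content-Disposition value), possibly percent-encoded.
    """
    # Decode percent-escapes byte for byte so hidden characters become visible.
    decoded = unquote_to_bytes(raw_name).decode("latin-1")
    stem, dot, final_ext = decoded.rpartition(".")
    final_ext = final_ext.strip().lower()

    # Only names whose real (last) extension is executable are in scope.
    if not dot or final_ext not in EXECUTABLE_EXTS:
        return []

    reasons = []
    # A harmless-looking extension earlier in the name is the decoy the user sees.
    if any(tok.lower() in DECOY_EXTS for tok in EXT_TOKEN.findall(stem)):
        reasons.append("decoy-extension")
    # Non-printable characters have no place in a legitimate download name.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        reasons.append("control-character")
    # Long whitespace runs can push the real extension out of the dialog's view.
    if re.search(r"\s{3,}", stem):
        reasons.append("whitespace-padding")
    return reasons


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    samples = ["setup.exe", "notes.txt", "notes.txt.exe",
               "notes.txt%01.hta", "photo.jpg" + " " * 40 + ".exe"]
    for name in samples:
        print(repr(name), "->", inspect_download_name(name) or "ok")
```

Because the advisory notes that patched systems may still be affected for .hta files, the executable list includes `hta` so the check does not depend on the client's patch level.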