VULHUB ™

Microsoft Internet Explorer uses the Content-Type and Content-Disposition HTML header fields to determine the file type of non-HTML files referenced by a website. These two content headers make up the MIME type of the field. It is possible to insert information into the Content-Type and Content-Disposition fields that would tell Internet Explorer that a file being downloaded is of a different type than it actually is. This would not cause the file to be executed automatically, but could trick a vulnerable user into believing that they are downloading a text file instead of an executable file. This vulnerablility was originally believed to be the same as the one reported in Bugtraq ID 3597, but was later found to be a different method of achieving the same goal.

Microsoft Internet Explorer uses the Content-Type and Content-Disposition HTML header fields to determine the file type of non-HTML files referenced by a website. These two content headers make up the MIME type of the field. It is possible to insert information into the Content-Type and Content-Disposition fields that would tell Internet Explorer that a file being downloaded is of a different type than it actually is. This would not cause the file to be executed automatically, but could trick a vulnerable user into believing that they are downloading a text file instead of an executable file. This vulnerablility was originally believed to be the same as the one reported in Bugtraq ID 3597, but was later found to be a different method of achieving the same goal.