Microsoft released a patch (Q290108) which addressed an issue discussed in Microsoft Security Bulletin (MS01-020). The released patch exposes a new issue which enables an attacker to run code of his choice on a target users machine. The functionality of this patch was also integrated into Internet Explorer 6. When a user attempts to access certain file types in IE, IE will prompt the user with three options, 1. Run this program from current location 2. Save this program to disk 3. Cancel. It should be noted that the dialog box prompt will be worded slightly differently depending on the version of IE being used. If an attacker composed a malicious file containing script and modified the 'Content-ID' field, when browsed the user would be prompted with either of the three options. The malicious script would execute if the user chose to "Run this program from current location". This vulnerability enables attackers to disguise high-risk files as common, less suspicious files. When the...
Microsoft released a patch (Q290108) which addressed an issue discussed in Microsoft Security Bulletin (MS01-020). The released patch exposes a new issue which enables an attacker to run code of his choice on a target users machine. The functionality of this patch was also integrated into Internet Explorer 6. When a user attempts to access certain file types in IE, IE will prompt the user with three options, 1. Run this program from current location 2. Save this program to disk 3. Cancel. It should be noted that the dialog box prompt will be worded slightly differently depending on the version of IE being used. If an attacker composed a malicious file containing script and modified the 'Content-ID' field, when browsed the user would be prompted with either of the three options. The malicious script would execute if the user chose to "Run this program from current location". This vulnerability enables attackers to disguise high-risk files as common, less suspicious files. When the user is prompted, the filename and extension will appear in the dialog box. The modifications done to the 'Content-ID' field will determine what file extension appears ie: .pdf, .jpg, .gif etc. These file extensions appear to be harmless and a user may feel confident in viewing it.
