VULHUB ™

Microsoft Security Advisory MS01-058 - Microsoft Internet Explorer 5.5 and 6.0 contains three remote vulnerabilities which allow attackers to run code of their choice. The first vulnerability involves a flaw in the handling of the Content-Disposition and Content-Type header fields in an HTML stream. A security vulnerability exists because, if an attacker altered the HTML header information in a certain way, it could be possible to make IE believe that an executable file was actually a different type of file -- one that it is appropriate to simply open without asking the user for confirmation. The second vulnerability is a newly discovered variant of the "Frame Domain Verification" vulnerability discussed in Microsoft Security Bulletin MS01-015. The third vulnerability involves a flaw related to the display of file names in the File Download dialogue box, allowing an attacker to misrepresent the name of the file in the dialogue. Microsoft FAQ on this issue available here.

Microsoft Security Advisory MS01-058 - Microsoft Internet Explorer 5.5 and 6.0 contains three remote vulnerabilities which allow attackers to run code of their choice. The first vulnerability involves a flaw in the handling of the Content-Disposition and Content-Type header fields in an HTML stream. A security vulnerability exists because, if an attacker altered the HTML header information in a certain way, it could be possible to make IE believe that an executable file was actually a different type of file -- one that it is appropriate to simply open without asking the user for confirmation. The second vulnerability is a newly discovered variant of the "Frame Domain Verification" vulnerability discussed in Microsoft Security Bulletin MS01-015. The third vulnerability involves a flaw related to the display of file names in the File Download dialogue box, allowing an attacker to misrepresent the name of the file in the dialogue. Microsoft FAQ on this issue available here.