Short Name |
HTTP:EXPLOIT:IE-SAVE-AS-HIDE |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Internet Explorer Save As Extension Hiding |
Release Date |
2004/12/01 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Internet Explorer 5.0, 5.5, and 6.0. Attackers can use a double extension when creating a link to a file; this link can trick users into believing they are downloading a specific file type (HTML, BMP, HTA, etc.) when they are actually downloading a different file type (GIF, EXE, BAT, etc.). Using this method, attackers can place malicious code on a target computer, then use another exploit to run that code. Note: This signature can also produce false positives.
Microsoft Internet Explorer is reported susceptible to a filename extension spoofing vulnerability when utilizing the 'Save Image As' feature. Reportedly, this vulnerability is only possible when Internet Explorer is configured with 'Hide extension for known file types' enabled. This is the default configuration. This vulnerability may facilitate the spoofing of filename extensions, resulting in malicious content being inadvertently downloaded to vulnerable Web users. This issue may be related to BID 3597.