W3C home > Mailing lists > Public > www-tag@w3.org > June 2003

Re: Security issue in Media-type override?

From: Miles Sabin <miles@milessabin.com>
Date: Mon, 23 Jun 2003 22:31:10 +0100
To: WWW-Tag <www-tag@w3.org>
Message-Id: <200306232231.11172.miles@milessabin.com>

Tim Bray wrote,
> Whereas this is easy to believe, we'd like to see a specific scenario
> or two showing how nefarious action or erroneous practice could lead
> to a security breach.

I think this (now rather ancient) MS IE vulnerability is the kind of 
thing you're looking for,

  http://www.inside-security.de/msie_mime_demo.html

The demo is a VB-script document delivered with content-type of 
audio/x-wav but sniffed out and executed by IE regardless of 
restrictions on script execution. The links to the Microsoft Security 
Bulletin and Bugtraq and CVE listings have more details. IIRC several 
rather unpleasant worms were based on this flaw.

Cheers,


Miles
Received on Monday, 23 June 2003 17:31:25 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:32:38 UTC