29 January 2004

Internet Explorer security hole

New Windows / Internet Explorer security hole:

  1. Upload any Windows executable you like to a web server.

  2. Set up the web server to send .exe files as text/html.

  3. Put a CLSID in the filename.

  4. Post links to the file, cloaking them as http://www.innocenturl.com%01%00@www.yoursite.com/virus/whatever via the previously announced URL cloaking bug.

  5. Wait for anyone using Internet Explorer to click on the innocent-looking link and get asked if they want to open the HTML web page.

  6. Cackle as their computer downloads the executable and runs it, without prompting them further.

Solution: Switch to Mozilla, or don’t click on “Open” to open files.

© mathew 2017