Author Topic: The hazards of MIME-sniffing, still open by default in Internet Explorer!


polonus
Hi malware fighters,

Internet Explorer runs JavaScript inside pictures through a hole in Internet Explorer.

Following the MIME information (Multipurpose Internet Mail Extensions), IE determines how files sent by a webserver are handled. Now it appears that this feature is vulnerable to specially designed HTML and JavaScript code used on a page, which accordingly will be executed by the Microsoft browser. A full description of the hole can be found here:
And here is what Vladimir Palant writes about this threat:

Here you also find changes to the registry to be secure against this.

This option (feature) has been added in IE6 SP2, yet even in Internet Explorer 7 it is still not switched off by default — so Microsoft is well aware of the problem, but the security of the users doesn't seem to be important enough, so functionality over security, and that is why polonus keeps his IE7 browser fully updated and patched, but uses it only for getting MS updates.

This problem will be tackled in IE8, but at the moment it's as though a once faithful guard dog has suddenly spun around with a snarl and become a threat to Internet Explorer users. Countermeasures do exist, but whether they will become firmly established in the medium term is an open question. Cross-site scripting via manipulated images doesn't seem to be widespread at the moment, but things can change very rapidly: interactive web sites are becoming preferred targets for criminals. Changing to an alternative browser – Firefox, for example – could provide a remedy. Firefox carries out MIME sniffing too, but it doesn't suddenly render an image as HTML.

« Last Edit: February 11, 2009, 08:24:01 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
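The post describes images that carry HTML so that a sniffing browser renders them as a page. The following is an added example from the server-side (defender's) view, not code from the post or from Avast: it checks that an uploaded "image" really starts with the magic bytes of its declared type and that no HTML markup sits in the leading bytes a sniffing browser inspects, and it returns the response headers that tell browsers supporting `X-Content-Type-Options` to keep the declared type. The 256-byte sniff window and the list of flagged tags are assumptions of this example.

```python
import re

# Sniffing browsers look at the leading bytes of a response before trusting the
# declared Content-Type. The 256-byte window is an assumption used for this
# check, not a value taken from the post.
SNIFF_WINDOW = 256

# Magic bytes for the image types this validator accepts.
MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
}

# Tags whose presence in the sniff window could make a browser treat the
# bytes as HTML rather than as an image (assumed list).
HTML_MARKERS = re.compile(
    rb"<\s*(?:!doctype\s+html|html|head|body|script|iframe|object|embed|meta)\b",
    re.IGNORECASE,
)

def magic_matches(data: bytes, declared_type: str) -> bool:
    """True if data starts with a signature valid for declared_type."""
    return any(data.startswith(sig) for sig in MAGIC.get(declared_type, ()))

def check_image_upload(data: bytes, declared_type: str) -> list:
    """Return the reasons to reject the upload; an empty list means accept."""
    problems = []
    if not magic_matches(data, declared_type):
        problems.append("content does not start with %s magic bytes" % declared_type)
    hit = HTML_MARKERS.search(data[:SNIFF_WINDOW])
    if hit:
        problems.append("HTML markup %s within the first %d bytes"
                        % (hit.group(0).decode("ascii", "replace"), SNIFF_WINDOW))
    return problems

def image_response_headers(content_type: str) -> dict:
    """Headers to serve a stored image with; nosniff tells browsers that honour
    the header (IE8 and later among them) to keep the declared type."""
    return {"Content-Type": content_type, "X-Content-Type-Options": "nosniff"}

# Constructed samples: a minimal PNG header, and a GIF header followed by HTML.
CLEAN_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
POLYGLOT_GIF = b"GIF89a\x01\x00\x01\x00" + b"<html><script></script></html>"

if __name__ == "__main__":
    print(check_image_upload(CLEAN_PNG, "image/png"))     # []
    print(check_image_upload(POLYGLOT_GIF, "image/gif"))  # one HTML-markup finding
```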