Peaches
Posted February 12, 2009

11 February 2009, 11:38

Internet Explorer executes code in pictures

A feature in Internet Explorer, which checked the type of file before presenting it to the user, has been found to allow execution of JavaScript embedded in an image. The MIME sniffing functionality was originally meant to compensate for web servers sending out the wrong content type information when they responded to a request for an image. However it now appears that the feature can be easily confused, and that confusion can be exploited through a crafted image file with embedded HTML and JavaScript code that will be rendered and executed by the browser.

heise Security presents a feature, Risky MIME Sniffing in Internet Explorer, which examines the problem, demonstrates it with examples and explains how users and web site developers can mitigate the risk.

(djwm)

Heise Security: http://www.heise-online.co.uk/security/Int...s--/news/112614
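Added example, not part of the original post or the heise article: a server-side check a site accepting image uploads could run so that a file with markup near its start is rejected before a sniffing browser ever sees it. The function names, the 256-byte window and the markup deny-list are assumptions made for illustration, and the sample inputs are constructed.

```python
import re

# Leading magic bytes for the image types this hypothetical upload handler accepts.
IMAGE_SIGNATURES = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

# Assumption: content sniffers inspect only the start of the body, so the
# check covers the first 256 bytes. Widen the window to be stricter.
SNIFF_WINDOW = 256

# Assumed deny-list of markup openers; not taken from the page or from IE.
MARKUP = re.compile(
    rb"<\s*(?:html|head|body|script|title|table|iframe|img|a\s+href|plaintext|pre)\b",
    re.IGNORECASE,
)


def check_image_upload(data: bytes, declared_type: str) -> list:
    """Return the reasons to reject an upload (an empty list means accept)."""
    findings = []
    signatures = IMAGE_SIGNATURES.get(declared_type)
    if signatures is None:
        findings.append("unsupported-type")
    elif not data.startswith(signatures):
        findings.append("signature-mismatch")
    if MARKUP.search(data[:SNIFF_WINDOW]):
        findings.append("markup-in-sniff-window")
    return findings


def image_response_headers(declared_type: str) -> dict:
    """Headers for serving a stored image without inviting content sniffing."""
    return {
        "Content-Type": declared_type,
        # Honoured by Internet Explorer 8 and later; older versions ignore it.
        "X-Content-Type-Options": "nosniff",
    }


# Constructed sample inputs (not real files).
CLEAN_PNG = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" + b"\x00" * 32
GIF_WITH_MARKUP = b"GIF89a\x01\x00\x01\x00<html><script>/* placeholder */</script></html>"
TEXT_AS_JPEG = b"<HTML><body>not an image</body></HTML>"

if __name__ == "__main__":
    for blob, ctype in [(CLEAN_PNG, "image/png"), (GIF_WITH_MARKUP, "image/gif"),
                        (TEXT_AS_JPEG, "image/jpeg")]:
        print(ctype, check_image_upload(blob, ctype) or "ok")
```

The GIF sample passes the magic-byte test and is caught only by the markup scan, which is why checking the signature alone is not enough for this problem.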