Internet Explorer Executes Code In Pictures



11 February 2009, 11:38

Internet Explorer executes code in pictures

A feature in Internet Explorer, which checked the type of file before presenting it to the user, has been found to allow execution of JavaScript embedded in an image. The MIME sniffing functionality was originally meant to compensate for web servers sending out the wrong content type information when they responded to a request for an image. However, it now appears that the feature can be easily confused, and that confusion can be exploited through a crafted image file with embedded HTML and JavaScript code that will be rendered and executed by the browser.

heise Security presents a feature, Risky MIME Sniffing in Internet Explorer, which examines the problem, demonstrates it with examples and explains how users and web site developers can mitigate the risk. (djwm)

Heise Security: http://www.heise-online.co.uk/security/Int...s--/news/112614
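For the site-developer side of the mitigation mentioned above, here is a server-side upload check, added as an example (it is not code from the post or from heise Security). The 256-byte sniffing window, the tag list and the names `check_upload` and `response_headers` are assumptions made for illustration.

```python
import re

# Assumption: the browser's sniffer only inspects the leading bytes of a
# response; 256 is the window used here, adjust it for the browsers you serve.
SNIFF_WINDOW = 256

# Magic numbers for the image types this hypothetical upload handler accepts.
IMAGE_MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}

# Constructed, conservative list of tokens that make a body look like HTML.
HTML_HINT = re.compile(
    rb"<\s*(?:!doctype|html|head|body|script|title|img|table|pre|plaintext"
    rb"|iframe|a\s+href)",
    re.IGNORECASE,
)

def check_upload(data: bytes, declared_type: str) -> list[str]:
    """Return the reasons to reject an upload; an empty list means accept."""
    magics = IMAGE_MAGIC.get(declared_type)
    if magics is None:
        return [f"type {declared_type!r} is not an accepted image type"]
    problems = []
    if not data.startswith(magics):
        problems.append("leading bytes do not match the declared image type")
    if HTML_HINT.search(data[:SNIFF_WINDOW]):
        problems.append("HTML-like markup inside the sniffing window")
    return problems

def response_headers(declared_type: str) -> dict[str, str]:
    """Headers for serving stored images so the browser does not re-guess the type."""
    return {
        "Content-Type": declared_type,
        "X-Content-Type-Options": "nosniff",  # honoured by Internet Explorer 8 and later
    }

# Constructed sample inputs: a minimal GIF, and a GIF header followed by markup.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff,"
             b"\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
CRAFTED_GIF = b"GIF89a<html><script>/* marker */</script></html>"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("crafted", CRAFTED_GIF)):
        print(name, check_upload(blob, "image/gif") or "accepted")
```

A valid magic number alone is not enough, which is why the crafted sample passes the first test and is only caught by the markup scan.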
