RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability

From: Drew Copley (dcopley_at_eEye.com)
Date: 07/13/04

  • Next message: Mind Warper: "Two Vulnerabilities in Mozilla may lead to remote compromise"
    Date: Mon, 12 Jul 2004 15:04:10 -0700
    To: "Polazzo Justin" <Justin.Polazzo@facilities.gatech.edu>
    
    

     

    > -----Original Message-----
    > From: Polazzo Justin [mailto:Justin.Polazzo@facilities.gatech.edu]
    > Sent: Monday, July 12, 2004 12:22 PM
    > To: Drew Copley
    > Cc: bugtraq@securityfocus.com
    > Subject: RE: MSIE Download Window Filename + Filetype
    > Spoofing Vulnerability
    >
    > Should you not be able to tile your gui any way you please?

    You can title your UI any way you please.

    >
    > Someone may be thinking that you could put an image in front
    > of the security box in order to trick users into clicking on
    > "open" without knowledge. I noticed that you can't click on
    > the buttons when the image is in front of them.
    >

    I haven't checked out the new demo, but it is inconsequential,
    you can totally change the contents of the window so that "No"
    becomes "yes", or "yes" becomes "no", or whatever else. [By
    stating, "Do Not Run This App", for instance, turns the positive
    into the negative.]

    "Close this window"?

    "Yes".

    Boom.

    There are countless variations on this as you can put in there,
    around there, all around anything you want.

    It is a pain to make a really good demo, though, this is
    why no one has probably messed with it. And, it is likely
    too old for the current wave of criminals to get a handle
    on it.

    Well, not anymore. But, thankfully, Microsoft fixed this in
    SP 2. Hopefully everyone else will get this fix in their
    IE as well.

    > Would you be able to have an insane speed at which the object
    > moves over the buttons, or a pulse action to where the image
    > would appear to be solid, but would still select "open" when pressed?

    Yeah, you can probably flicker it and hide it as well.

    Really, the exploitation is for an artist...

    >
    > jp
    >
    > -----Original Message-----
    > From: Drew Copley [mailto:dcopley@eEye.com]
    >

