Security concern of SendBinary method

From: phoebe (phoebe@tollon.net)
Date: 08/03/01


Message-ID: <2FED382C6774D411B0F60000E229E4D214B862@localhost>
From: phoebe <phoebe@tollon.net>
To: vuln-dev@securityfocus.com, SECURITY-BASICS@securityfocus.com
Subject: Security concern of SendBinary method
Date: Fri, 3 Aug 2001 12:43:49 +0100 

Hi all,

Does anybody using the SendBinary method ??

The method SendBinary has been given another optional argument, Attachment,
which controls whether the Content-Disposition header has the keyword
"attachment;" in it which forces a download for certain file types instead
of opening a document in-place in the IE browser.

According to the recommendation in a Web-Hosting environment, it is better
to disable this function in registry as below,

The UploadManager.SendBinary method is disabled through the
DisableSendBinary value.

Could somebody tell me about the security risk of SendBinary method and how
to fix it please ? I am so desperate want to use this method over the
website.

Please advice.

Thanks in advance.

Regards,
Phoebe