January 28, eSecurityPlanet.com
Security researchers on Wednesday, January 28, released details of yet another spoofing flaw in Microsoft's Internet Explorer (IE) browser that could trick users into downloading malicious files. The latest IE bug, which carries a "moderately critical" rating from tech security consulting firm Secunia, could allow malicious Web sites to spoof the file extension of downloadable files. Typically, an attacker could embed a CLS ID in a file name to fool users into opening malicious files as "trusted" file types. The latest IE flaw affects IE version 6. As a workaround, IE users are urged to avoid using the "open file" option when downloading a file. Instead, IE users are urged to save files to a folder as this reveals the suspicious filename. Microsoft has confirmed the development of patches for several known IE vulnerabilities but the complicated testing process had led to a delay in the release of fixes. Two of the more serious IE flaws that remain unpatched include a URL spoofing bug that could be used by "phishers" to trick unsuspecting surfers into give up sensitive information, including credit card and social security numbers.
Source:
http://www.esecurityplanet.com/trends/article.php/3304951
Security researchers on Wednesday, January 28, released details of yet another spoofing flaw in Microsoft's Internet Explorer (IE) browser that could trick users into downloading malicious files. The latest IE bug, which carries a "moderately critical" rating from tech security consulting firm Secunia, could allow malicious Web sites to spoof the file extension of downloadable files. Typically, an attacker could embed a CLS ID in a file name to fool users into opening malicious files as "trusted" file types. The latest IE flaw affects IE version 6. As a workaround, IE users are urged to avoid using the "open file" option when downloading a file. Instead, IE users are urged to save files to a folder as this reveals the suspicious filename. Microsoft has confirmed the development of patches for several known IE vulnerabilities but the complicated testing process had led to a delay in the release of fixes. Two of the more serious IE flaws that remain unpatched include a URL spoofing bug that could be used by "phishers" to trick unsuspecting surfers into give up sensitive information, including credit card and social security numbers.
Source:
http://www.esecurityplanet.com/trends/article.php/3304951