New IE Download Spoof Found
Page 1 of 1
Security researchers on Wednesday released details of yet another spoofing flaw in Microsoft's
Internet Explorer browser that could trick users into downloading malicious files.
The latest IE bug, which carries a "moderately critical" rating from tech security consulting firm Secunia, could allow malicious Web sites to spoof the file extension of downloadable files. Typically, an attacker could embed a CLS
Secunia has posted an online demonstration of the security hole.
The latest IE flaw, first reported by Secunia's Malware http-equiv list, affects Internet Explorer version 6. As a workaround, IE users are urged to avoid using the "open file" option when downloading a file. Instead, IE users are urged to save files to a folder as this reveals the suspicious filename.
Microsoft has confirmed the development of patches for several known IE vulnerabilities but the complicated testing process had led to a delay in the release of fixes.
Two of the more serious IE flaws that remain unpatched include a