An attacker could trick a user of Microsoft Corp.’s Internet Explorer (IE) Web browser into downloading and running a malicious program by disguising it as an innocent file, a Finnish security company has warned.
The file name as it appears in the IE file download dialogue box can be faked by using certain URLs (Uniform Resource Locators) and HTTP (HyperText Transport Protocol) headers on a Web page, making the user think he is opening a media file when in fact he is installing a “back door” on his PC, according to Oy Online Solutions Ltd. A back door is a program that can be used by hackers to enter a user’s PC.
IE won’t show the warnings it typically displays when a program file is downloaded or opened, because the .exe file extension may have been hidden or replaced with another such as .txt or .htm. The file is run without any warnings because IE, just as the user, thinks it is a harmless file, Oy Online Solutions said.
Details of the vulnerability were first released on the Bugtraq mailing list in late November. Microsoft at the time did not consider it a flaw, but will now release a patch, Jyrki Salmi, managing director of the Finnish Internet security company, said on Thursday.
“Microsoft has forwarded us the initial patch. It appears to be working and should be available next week,” he said.
Salmi declined to say why Microsoft changed its mind. It has been suggested that the vulnerability could be exploited to automatically download and run programs on a user’s PC, without even showing a faked file name in a dialog box. Salmi wouldn’t confirm or deny this, saying only that it would become clear when the patch is released.
Affected are IE 5.0, 5.5 and 6, according to Salmi. Users are advised to disable file downloading or be very cautions about downloading files until the patch becomes available, said Salmi.
In general, users should be careful when downloading files from un-trusted Web sites, Salmi said, adding that a trusted site could be hacked and thus dangerous as well.
Besides back doors, the vulnerability could also be exploited to install tools used in distributed denial of service (DDoS) attacks, format hard disks, or spread viruses, the Finnish security company said.
Oy Online Solutions Ltd. in Jyv