IE Can’t Handle Content-Disposition HTML

SecurityProNews
Staff Writer
2006-04-11

A flaw in Internet Explorer was made public yesterday by security architect Darren Bounds. The flaw is in how IE handles downloading files with Content-Disposition.

The weakness is due to IE's flawed support of RFC 2183 that causes the browser to mishandle HTML files, opening them inline and "exposing the application of scope."

"As such, it is strongly advisable that web-based software vendors use alternative methods to mitigate this class of attack," writes Bounds.

Bounds went on to opine that the simplicity of the exploit increases the likelihood of being used in the wild.

View All Articles by SecurityProNews

About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.

More news_security_news Articles

Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Featured On:

article resources

WebProWorld.com

•	Get in-touch with industry experts and leaders
•	Post your site for review by expert and peers
•	Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com


Titan Quest Forum The #1 Titan Quest forum
Halo 3 Forum The best Halo, Halo 2, Halo 3 forum
Nintendo Wii Nintendo Wii news and views
Mac Software The best in OS X freeware
Graphics Forum Your source for graphic tutorials