[21987] in bugtraq
RE: TXT or HTML? -- IE NEW BUG
daemon@ATHENA.MIT.EDU (Daniel Lukasiak)
Sun Jul 29 06:53:39 2001
Date: Sun, 29 Jul 2001 10:05:13 +0200 (CEST)
From: Daniel Lukasiak <ashtray@estrai.com>
To: arivanov@sigsegv.cx
Cc: cr4zybird <cr4zybird@hotmail.com>, bugtraq@securityfocus.com
In-Reply-To: <XFMail.20010728094004.arivanov@sigsegv.cx>
Message-ID: <Pine.LNX.4.20.0107290955090.229-100000@vegan>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Sat, 28 Jul 2001 arivanov@sigsegv.cx wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I may be terribly mistaken, but I think that this to some extent has
> been discussed previously on Bugtraq. I cannot get through to the securityfocus
> web site all morning so pls excuse me for not quoting the exact post where this
> was mentioned the first time.
>
> Quoting from memory, so excuse me for any discrepancies with the
> original post (it was more than 6 months ago): IE ignores not just the
> extension. If I recall correctly mime types supplied by a server are happily
> ignored as well.
>
> What happens is IE looks at the first 200 bytes or so and desides based
> on "magic" first, looks the mime type/extension later. So it is not just HTML.
Also IE runs some programs looking just for "extention" like Word or Excel files.
The another bug (in version 5.0 or 5.5, not in 4.5) is implementation for viewing/editing Word (.doc) files. Of course IE runs Word no mather is MIME for executables or jpeg. Program will return error and die when you click on "back" button.
Daniel /*Estrai*/ Lukasiak
