LeRoi
01-28-2004, 10:11 AM
TITLE:
Microsoft Internet Explorer File Download Extension Spoofing
SECUNIA ADVISORY ID:
SA10736
VERIFY ADVISORY:
http://www.secunia.com/advisories/10736/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 6
DESCRIPTION:
http-equiv has identified a vulnerability in Internet Explorer,
allowing malicious web sites to spoof the file extension of
downloadable files.
The problem is that Internet Explorer can be tricked into opening a
file, with a different application than indicated by the file
extension. This can be done by embedding a CLSID in the file name.
This could be exploited to trick users into opening "trusted" file
types which are in fact malicious files.
Secunia has created an online test:
http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/
This has been reported to affect Microsoft Internet Explorer 6.
NOTE: Prior versions may also be affected.
SOLUTION:
Do not use "Open" file, always save files to a folder as this reveals
the suspicious filename.
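
A defensive check for the condition the advisory describes (a CLSID embedded in a download's file name), added here as an example; it is not code from Secunia or from the poster. It assumes a proxy or gateway that sees the URL path and the Content-Disposition header; the function names are hypothetical and the all-zero CLSID in the samples is a constructed placeholder.

```python
import re
from urllib.parse import unquote

# A CLSID is a GUID written in braces: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(
    r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.IGNORECASE)
# filename="..." or filename=token, including the RFC 6266 filename*= form.
FILENAME_RE = re.compile(
    r'(filename\*?)\s*=\s*(?:"([^"]*)"|([^;\s]+))', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %7B and %257B both become '{'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def offered_names(url_path, content_disposition=""):
    """Collect every file name the response offers to the browser."""
    names = [url_path.split("?", 1)[0].rsplit("/", 1)[-1]]
    for param, quoted, token in FILENAME_RE.findall(content_disposition):
        raw = quoted or token
        if param.endswith("*"):
            raw = raw.split("'", 2)[-1]  # strip the charset'lang' prefix
        names.append(raw)
    return [fully_decode(n) for n in names if n]


def clsid_findings(url_path, content_disposition=""):
    """Return (file name, CLSID) pairs for names that embed a CLSID."""
    hits = ((n, CLSID_RE.search(n)) for n in offered_names(url_path, content_disposition))
    return [(n, m.group(0)) for n, m in hits if m]


# Constructed samples; the all-zero CLSID is a placeholder, not a real class.
SAMPLES = [
    ("/files/notes.txt", ""),
    ("/dl", 'attachment; filename="readme.%7B00000000-0000-0000-0000-000000000000%7D.txt"'),
    ("/get/readme.%257B00000000-0000-0000-0000-000000000000%257D", ""),
]

if __name__ == "__main__":
    for path, header in SAMPLES:
        print(path, clsid_findings(path, header) or "clean")
```

A gateway can block or rename any download for which `clsid_findings` returns a non-empty list, since a braced GUID has no legitimate place in a file name offered for download.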