Description: There are large number of web applications including many giant mail services which have features to send/upload files as attachment. As part of our research that has been done so far, we have tested that a malicious file can cause Internet Explorer (version 6 to 9) to execute the javascript contained in it. This is possible because of the way content-sniffing algorithms have been implemented in various version of Internet Explorer. As such the bypassing techniques which affect version 5, 6 and 7 have been mitigated successfully in version 8 and 9 of IE. However the new algorithm has certain flaws because of which version 8 and 9 of IE are also prone to this vulnerability.
This paper will try to give information about the “Content-Sniffing Algorithms” present in various latest browsers, their strengths and weaknesses. It will also talk about how various web applications and most versions of Internet Explorer become vulnerable to various attack vectors such as XSS, Active-x exploitation and more. The paper will also talk about possible counter measures against these kinds of vulnerabilities and attacks.
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.