Another IE Spoofing Hole FoundBy Matthew Hicks | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
The latest Internet Explorer vulnerability could let an attacker hide the file extension of a malicious file download. Users can avoid the threat by saving files first.Security researchers are warning of another spoofing vulnerability in Internet Explorer, this time one that allows an attacker to mask the true file extension of malicious downloads.
The file-extension spoof means that an attacker could lull a user into opening a malicious file from a Web site by making the file appear as a legitimate extension, such as a PDF or MPEG, researchers said on Wednesday.
In a security bulletin, Copenhagen-based security vendor Secunia Ltd. rated the vulnerability as "moderately critical" and said it affected IE 6 and possibly earlier versions of the Web browser, as well.