Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Security researchers are warning of another spoofing vulnerability in Internet Explorer, this time one that allows an attacker to mask the true file extension of malicious downloads.

The file-extension spoof means that an attacker could lull a user into opening a malicious file from a Web site by making the file appear as a legitimate extension, such as a PDF or MPEG, researchers said on Wednesday.

In a security bulletin, Copenhagen-based security vendor Secunia Ltd. rated the vulnerability as “moderately critical” and said it affected IE 6 and possibly earlier versions of the Web browser, as well.

Users can avoid the vulnerability by first saving a download to a folder, rather than directly opening it, when prompted by IE. Saving the file reveals its true file name.

A Microsoft Corp. spokeswoman said the company is investigating the file-name spoofing vulnerability but could not say whether a fix would be ready at the same time as a planned patch for another IE spoofing vulnerability.

To read the full story, click here.