Security researchers on Wednesday released details of yet another spoofing flaw in Microsoft's
Internet Explorer browser that could trick users into downloading malicious files.
The latest IE bug, which carries a "moderately critical" rating from tech security consulting firm Secunia, could allow malicious Web sites to spoof the file extension of downloadable files. Typically, an attacker could embed a CLS
Secunia has posted an online demonstration of the security hole.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iThe latest IE flaw, first reported by Secunia's Malware http-equiv list, affects Internet Explorer version 6. As a workaround, IE users are urged to avoid using the "open file" option when downloading a file. Instead, IE users are urged to save files to a folder as this reveals the suspicious filename.
Microsoft has confirmed the development of patches for several known IE vulnerabilities but the complicated testing process had led to a delay in the release of fixes.
Two of the more serious IE flaws that remain unpatched include a