> Von: chef [mailto:chefat_private] > Gesendet: Donnerstag, 29. November 2001 19:03 > > > Von: StatiC [mailto:staticat_private] > > Gesendet: Donnerstag, 29. November 2001 03:52 > > > > I was playing with apache configs a few months ago and > > noticed a similar issue with IE5.5. The procodure below will > > cause IE5.5 to display the open dialog for readme.txt but > > once opened, it executes immediately on IE5.5 sp2 with no > > hint that it is really getting an executable file called > > calc.exe. I only tested it with IE5.5. > > I testet it right now, with IE6; Q312461 / WinXP and i think > there is no problem at all. > > First a question for text.txt pops up and when i say "open" > a second message with question for save / open pops up. > This second popup tells the right name "calc.exe" . > Finally when i say "open" it opens the calculator. > > For testing: http://www.geilerserver.de/text.txt > > > Why does microsoft think it is wise to trust the filename in > > the url over what the header content-type is set to for > > display purposes since the content-type seems to take > > priority for what will really happen with the file. > > I think that's only a Problem of older Versions. Hello, I tryed with Win98 5.5 SP2; Q312461 and can confirm the "Sec. hole" Only the first "text.txt" dialog pop-up's and if i choose "open" the "calc.exe" will be executed. It crashes on win98, becouse it's from XP, but thats another thing. ^cUbE^
This archive was generated by hypermail 2b30 : Wed Dec 05 2001 - 11:24:53 PST