PT-2008-6605 · Microsoft+1 · Internet Explorer+1
Published
2008-12-12
·
Updated
2018-10-11
·
CVE-2008-5544
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Hacksoft The Hacker version 6.3.1.2.174
Hacksoft The Hacker version 6.3.0.9.081
Description
The issue allows remote attackers to bypass detection of malware in an HTML document. This is achieved by placing an MZ header at the beginning of the document and modifying the filename to have either no extension, a .txt extension, or a .jpg extension.
Recommendations
For Hacksoft The Hacker version 6.3.1.2.174, update the software to detect malware in HTML documents regardless of the file extension.
For Hacksoft The Hacker version 6.3.0.9.081, update the software to detect malware in HTML documents regardless of the file extension.
As a temporary workaround, consider restricting the use of Internet Explorer 6 or 7 with Hacksoft The Hacker until a patch is available.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hacksoft The Hacker
Internet Explorer