Well, this fix was done more than three years ago, but this is one of the most evil IE bugs in existence. Even better, it seems never to have been fixed, still exists in IE7, and is being discussed in various places lately.
So, whenever anyone says IE is secure, just tell them to look at this problem.
6 thoughts on “IE finds JS in Images (old xss bug!)”
IE still does auto-detection, however they have recently added a signature for PNG files (in the MS07-057 patch), so valid PNG files will never be recognised as HTML any more.
Not that IE is perfect or anything, but this issue is not so much of an issue now that JPG/GIF/PNG files will never be detected as html.
We can only hope that other XSS bugs can also be fixed in the same 3-year-plus time window. :)
With PNG files – yes, it is fixed. With other types, e.g., PDF – still exists.
The link to the fix is broken. Is another file available elsewhere?
I just stumbled upon this page again, and I just had a look at the mediawiki fix you link to, and it’s vulnerable.
There are a bunch of other strings you need to filter (which I can’t paste here due to WordPress filtering) and you need to check the first 256 bytes, rather than the first 200 bytes.
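An added example (not the MediaWiki fix or any code from the post) of the upload-side check the comments describe: verify the declared image type by its magic bytes, then scan the first 256 bytes for HTML markers a content sniffer could key on. The token list, the sample image bytes and the function names are assumptions constructed for this example; the "200 versus 256" comparison shows why the shorter window the comment criticises misses a payload.

```python
# Constructed list of HTML-ish markers, modelled on the kind of tokens
# content sniffers look for; the exact set any browser uses is an assumption.
HTML_TOKENS = (b"<!doctype", b"<html", b"<head", b"<script", b"<iframe",
               b"<body", b"<title", b"<style", b"<object", b"<embed",
               b"<meta", b"<div", b"<img", b"<!--")

# Magic bytes for the image types the comments mention (real signatures).
IMAGE_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
}

SNIFF_WINDOW = 256  # the comment above says 256 bytes, not 200


def detect_magic(data: bytes):
    """Return the image type whose signature starts the file, or None."""
    for fmt, sigs in IMAGE_MAGIC.items():
        if data.startswith(sigs):
            return fmt
    return None


def html_markers(data: bytes, window: int = SNIFF_WINDOW):
    """Case-insensitively list HTML markers found in the first `window` bytes."""
    head = data[:window].lower()
    return [tok.decode() for tok in HTML_TOKENS if tok in head]


def check_upload(data: bytes):
    """(accepted, reason): reject unknown formats and images carrying markup."""
    fmt = detect_magic(data)
    if fmt is None:
        return False, "not a recognised image format"
    hits = html_markers(data)
    if hits:
        return False, f"{fmt} carries HTML markers {hits} in the sniff window"
    return True, fmt


# Constructed samples: a clean PNG header and a GIF whose markup sits at
# offset 220, inside a 256-byte window but beyond a 200-byte one.
CLEAN_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 64
EVIL_GIF = b"GIF89a" + b"\x00" * 214 + b"<script>alert(1)</script>"

if __name__ == "__main__":
    print(check_upload(CLEAN_PNG))                # (True, 'png')
    print(check_upload(EVIL_GIF))                 # rejected, '<script' found
    print(html_markers(EVIL_GIF, window=200))     # [] : the short window misses it
```

Serving uploads with `X-Content-Type-Options: nosniff` is the complementary control on the response side; the check above only covers what is stored.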