Phishing with images containing hidden code
The variety of ways in which a file's type can be determined is at the heart of the problem. Ever since version 4, Internet Explorer has been using MIME sniffing (also known as MIME type detection). IE does not automatically assume that a file taken from the web has the content type stated by the server in the HTTP header. Nor does it trust the file name extension or signature on their own. Instead, Internet Explorer also examines the first 256 bytes of the file in order to determine its type. If it finds HTML code there, it will run it.
This loophole can be exploited not only for phishing attacks, but also for cross-site scripting attacks on sites that actually prevent the uploading of active content. More details on MIME sniffing, demos and tips for dealing with the problem are provided in the article "Risky sniffing - MIME sniffing in Internet Explorer enables cross-site scripting attacks" from The H Security. (DAB)
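A server-side upload check built on the behaviour described above, as an added example that is not from the original article: it rejects a file that carries a valid image signature but has HTML markup within the first 256 bytes. The marker list, function names and sample bytes are assumptions constructed for illustration, not Internet Explorer's actual sniffing rules.

```python
import re

SNIFF_WINDOW = 256  # number of leading bytes the article says IE examines

# File signatures (magic numbers) for the image types this check accepts.
IMAGE_SIGNATURES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/gif": b"GIF8",
    "image/jpeg": b"\xff\xd8\xff",
}

# Assumption: an illustrative set of HTML markers, not IE's exact sniffing list.
HTML_MARKERS = re.compile(
    rb"<\s*(?:!doctype|html|head|body|script|title|iframe|img|a\s|table|plaintext)",
    re.IGNORECASE,
)


def image_type(data: bytes):
    """Return the MIME type matching the file signature, or None."""
    for mime, magic in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def check_upload(data: bytes, declared_type: str):
    """Return (accepted, reason) for an upload that claims to be an image."""
    actual = image_type(data)
    if actual is None:
        return False, "no known image signature"
    if actual != declared_type:
        return False, f"declared {declared_type}, signature says {actual}"
    # A valid signature is not enough: HTML in the sniffing window can still
    # cause the file to be treated as a web page by a sniffing browser.
    if HTML_MARKERS.search(data[:SNIFF_WINDOW]):
        return False, "HTML markup inside the sniffing window"
    return True, "ok"


# Constructed sample inputs (not taken from any real file).
CLEAN_GIF = b"GIF89a" + bytes(300)
HIDDEN_HTML_GIF = b"GIF89a\x01\x00\x01\x00<html><body>constructed sample</body></html>"
```

Content inspection of this kind complements, and does not replace, serving uploaded files with the `X-Content-Type-Options: nosniff` response header, which Internet Explorer 8 and later honour.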