Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-rkdp-67ts-uyht |
|---|
| Summary | By layering a transparent image link to an executable on top of a
visible (and presumably desirable) image
a malicious site might be able to convince some visitors to
right-click and choose "Save image as..." from the context menu
and fool them by giving them the executable instead. When the users
later double-click on the saved "image" to view or edit it
the attacker's malware would be run.The attacker could put a lot of spaces before the extension to hide it
by pushing it out of the standard file-saving dialog, and once downloaded
the default Windows behavior of hiding the extension could make a filename
such as "bikini.jpg .exe"
look like a legitimate image. The attacker
could further this illusion by embedding a common image icon into
the executable. |
|---|
| Aliases |
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
|
|---|
| References |
|
|---|
| Weaknesses |
|
|---|
| Exploits |
|
|---|
| Severity_range_score | null |
|---|
| Exploitability | null |
|---|
| Weighted_severity | null |
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-rkdp-67ts-uyht |
|---|