These vulnerabilities allow an attacker to place malicious HTML / JavaScript in IPB content in order to read a user's cookies. They are only triggered for visitors using IE 6, because of that browser's weak MIME checking and tag concurrency checking.
Attached are two update packs. One for IPB 2.1.0 and one for IPB 2.0.4. In addition to these update packs, we recommend that you also change some MIME types for your attachment types using the instructions below.
Changing MIME types
IPB has a powerful attachments manager which allows you to determine how attached files are displayed. Due to weak MIME checking in IE6 combined with an eagerness to step over established web standards to display content, this feature can be abused. To prevent any rogue HTML being uploaded and executed, we recommend that you do the following:
- Log in to your Admin Control Panel.
- Locate the Attachments Types Manager. In IPB 2.1 this is under the Management Tab -> Attachments -> Attachment Types. In IPB 2.0.x, this is under Attachments -> Attachment Types.
- Edit the rows for ".htm", ".html", ".txt", ".rtf", ".css", ".xml" and ".php", and set the "Attachment Mime-Type" field to "unknown/unknown" (without the quotes).
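The following is an added example, not code from the announcement or from Invision's own code base. It audits a constructed copy of the Attachment Types table (represented here as a plain extension-to-MIME dictionary, which is an assumption about how the data is held) and produces the hardened mapping the steps above describe: every listed extension is re-mapped to "unknown/unknown" so IE6 offers the file for download instead of rendering it inline. It goes slightly beyond the page's list by also flagging any other extension whose declared type would be rendered as markup or content-sniffed into it.

```python
# Added example: audit an IPB-style attachment-types table and harden it as
# the announcement recommends. Not part of IPB; the table layout is assumed.
from typing import Dict, List, Tuple

# Extensions the announcement tells administrators to re-map.
RISKY_EXTENSIONS = {".htm", ".html", ".txt", ".rtf", ".css", ".xml", ".php"}

# The safe value given in the announcement.
SAFE_MIME = "unknown/unknown"

# Assumption beyond the page's list: declared types that IE6 will render as
# markup (or content-sniff into markup) when served inline.
SNIFFABLE_TYPES = {
    "text/html", "text/plain", "text/xml", "application/xml",
    "application/xhtml+xml", "text/css",
}

# Constructed sample of an "Attachment Types" table (extension -> MIME type).
SAMPLE_TABLE: Dict[str, str] = {
    ".html": "text/html",
    ".txt": "text/plain",
    ".php": "unknown/unknown",   # already hardened by the admin
    ".gif": "image/gif",
    ".zip": "application/zip",
    ".svg": "text/xml",          # not in the advisory's list, but declared as markup
}


def audit_attachment_types(table: Dict[str, str]) -> Tuple[List[Tuple[str, str, str]], Dict[str, str]]:
    """Return (findings, hardened_table).

    findings: (extension, current MIME type, reason) for every row that should
              be changed.
    hardened_table: the same table with every flagged row set to SAFE_MIME and
                    every other row left untouched.
    """
    findings: List[Tuple[str, str, str]] = []
    hardened: Dict[str, str] = {}
    for ext, mime in table.items():
        ext_l = ext.lower()
        mime_l = mime.strip().lower()
        reason = None
        if ext_l in RISKY_EXTENSIONS and mime_l != SAFE_MIME:
            reason = "extension listed in the advisory"
        elif mime_l in SNIFFABLE_TYPES:
            reason = "declared MIME type is rendered as markup by IE6"
        if reason:
            findings.append((ext, mime, reason))
            hardened[ext] = SAFE_MIME
        else:
            hardened[ext] = mime
    return findings, hardened


def report(table: Dict[str, str]) -> List[str]:
    """Human-readable lines an administrator can act on in the ACP."""
    findings, _ = audit_attachment_types(table)
    if not findings:
        return ["No attachment types need changing."]
    return [f"{ext}: {mime} -> {SAFE_MIME} ({reason})" for ext, mime, reason in findings]


if __name__ == "__main__":
    for line in report(SAMPLE_TABLE):
        print(line)
```

Run it against an export of your own table; every line printed names a row to edit in Attachments -> Attachment Types, and the hardened dictionary is what the table should look like afterwards.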
Update pack for IPB 2.0.4
ipb204update.zip (13.17K)
Number of downloads: 4065
Update pack for IPB 2.1.0
ipb21update.zip (13.27K)
Number of downloads: 2593
Simply download the required pack, unzip it and upload the contents over your current files on your server. The file structure is preserved to make it easier to locate these files on your server.
The main download sources have been updated as of the time of this announcement.