Event 1064 - MIME Sniffing Restrictions - No Image Elevation to HTML
Applies To: Windows 7, Windows Vista
Windows® Internet Explorer® 8 uses MIME information to determine how to handle image files that are sent by a Web server. For example, when Internet Explorer receives an image file, such as a JPEG (.jpg) file, the browser can automatically display the image in an Internet Explorer browser window. The MIME Handling Restrictions feature helps prevent script-injection attacks against Web servers by ensuring that any content delivered with an IMAGE MIME is not automatically treated as HTML or XML code.
Image encoding includes provisions to embed comment blocks within the image. For example, an image can include text in the comment block to note when the picture was taken, the copyright information, and so on. The problem occurs if there is HTML or XML code included in the comment block. In this case, the browser can interpret the code as executable markup and unintentionally run malicious code. Internet Explorer 8 includes a security feature that prevents this type of attack from occurring by verifying the content sent by the HTTP server. If Internet Explorer determines that the content is not an image, but potentially malicious HTML or XML code, it will prevent the code from running.
When Is This Event Logged?
This event is logged if all of the following are true:
An HTTP server sends content with a MIME type of image/*
Internet Explorer does not recognize the content as a known image type
Internet Explorer detects that the content is actually XML or HTML code
Remediation
There is no workaround for this event. You must make sure that none of the embedded content in your image file contains executable XML or HTML code.