Intel Name: Potential file extension spoofing using right-to-left override
Date of Scan: November 19, 2024
Impact: Medium
Summary: “Potential File Extension Spoofing Using Right-to-Left Override” refers to a security technique where attackers exploit the Right-to-Left Override (RTLO) character in file names to manipulate how file extensions are displayed. The RTLO character causes text to be rendered in reverse order, allowing attackers to make a malicious file appear as a harmless one. For example, they could make a file with a “.exe” extension appear as a “.jpg” image file by placing the RTLO character before the extension, tricking users into opening a potentially dangerous file. This method can be used to bypass security checks and deceive users into executing malicious software.