Opening file attachments without executing the code in the file

Expand

Collapse

My Service Notifications

Advanced SearchOpens new dialog

Enter plus (+) or minus (-) signs in search terms to make a word required or excluded
Search Tips

Search terms

Screen Reader users press enter to select a Filter by product. Filter by product

Screen Reader users press enter to select a Filter by category. Filter by category

Sort by Direction

Answer ID 2202 | Last Review Date 12/18/2018

How do I open file attachments without executing code that may be included in those files?

Environment:

File Attachments
Oracle B2C Service, All versions

Resolution:

When working with file attachments, users should be careful when opening files which may contain code that will be executed.

Of particular concern are executable files (.exe) which, when opened, can perform any operation on your system. It is recommended that executable files be deleted from the incident.

The following file types may pose a threat since a malicious user could embed javascript code inside the file that could be used to obtain information contained on the incident page from which the file was opened:

html files (.htm)
javascript files (.js)
behavior files (.htc)
cascading style sheets (.css)
text files (.txt)

When opening files of these types, Internet Explorer will be used to open the file and will execute any javascript contained within the file.

Instead of clicking on the file attachment link for these types of files, it is recommended that the user instead right-click the link and save the file. After the file has been saved it should be examined inside of a text editor such as Notepad.

Loading...

Login

How do I open file attachments without executing code that may be included in those files?

Was this answer helpful?

Still have questions?

Related Answers

Login