Microsoft Security Advisory (2501696): Vulnerability in MHTML Could Allow Information Disclosure - 3

Discussion in 'Security Alerts' started by News, Mar 11, 2011.

  1. News

    News Extraordinary Robot
    News Feed

    Jun 27, 2006
    Likes Received:
    Revision Note: V1.1 (March 11, 2011): Revised Executive Summary to reflect investigation of limited, targeted attacks. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. In addition, at this time, Microsoft is aware of public proof-of-concept code being used in limited, targeted attacks. Users who have applied the automated Microsoft Fix it solution described in Microsoft Knowledge Base Article 2501696 or manually applied the "Enable the MHTML protocol lockdown" workaround described in this advisory to their systems are not exposed to this vulnerability.


Share This Page