BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Internet Explorer MHTML Mime-Formatted Request Vulnerability

Disclosed September 23, 2011    Zeroday : 1036 days

Vulnerability Description:

Microsoft Internet Explorer ignores the file extension of the target document when parsing data with the MHTML protocol handler.  Successful exploitation could allow information disclosure via cross-site scripting.

Vendors:

Microsoft

Vulnerable Software/Devices:

Microsoft Internet Explorer 8

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Information Disclosure
By convincing a user to click on a specially crafted link, an attacker could execute script commands within the context of the user's browser.

BeyondTrust Prevention and Detection:

 

Mitigation:

No mitigation has been provided.

Links:

CVE(s):

None