Microsoft Internet Explorer ignores the file extension of the target document when parsing data with the MHTML protocol handler. Successful exploitation could allow information disclosure via cross-site scripting.
Microsoft Internet Explorer 8
By convincing a user to click on a specially crafted link, an attacker could execute script commands within the context of the user's browser.
BeyondTrust Prevention and Detection:
No mitigation has been provided.