The Microsoft Windows MHTML interpreter contains a vulnerability in the way it parses content blocks within a document viewed by Internet Explorer. An attacker may inject a client-side script which runs in the context of the target’s browser, leading to possible information disclosure.
All supported versions of Microsoft Windows
Information disclosure. This vulnerability may allow an attacker who has successfully injected a script to perform actions on behalf of the user on a website, disclose information (cookies, passwords) and possibly spoof content.
BeyondTrust Prevention and Detection:
- BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability
Apply appropriate patch from MS11-026.