BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Microsoft Windows MHTML

Disclosed January 28, 2011    Fully Patched

Vulnerability Description:

The Microsoft Windows MHTML interpreter contains a vulnerability in the way it parses content blocks within a document viewed by Internet Explorer. An attacker may inject a client-side script which runs in the context of the target’s browser, leading to possible information disclosure.

Vendors:

Microsoft

Vulnerable Software/Devices:

All supported versions of Microsoft Windows

Vulnerability Severity:

Low

Exploit Availability:

N/A

Exploit Impact:

Information Disclosure
Information disclosure. This vulnerability may allow an attacker who has successfully injected a script to perform actions on behalf of the user on a website, disclose information (cookies, passwords) and possibly spoof content.

BeyondTrust Prevention and Detection:

Mitigation:

Apply appropriate patch from MS11-026.

Links:

CVE(s):

None

Leave a Reply