Executive Summary
Summary | |
---|---|
Title | Vulnerability in MHTML Could Allow Information Disclosure (2503658) |
Informations | |||
---|---|---|---|
Name | MS11-026 | First vendor Publication | 2011-04-12 |
Vendor | Microsoft | Last vendor Modification | 2011-04-12 |
Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (April 12, 2011): Bulletin published.Summary: This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. In a Web-based attack scenario, a Web site could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the Web site and open the specially crafted link. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS11-026.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6956 | |||
Oval ID: | oval:org.mitre.oval:def:6956 | ||
Title: | MHTML Mime-Formatted Request Vulnerability | ||
Description: | The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0096 | Version: | 11 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-04-13 | Name : Windows MHTML Information Disclosure Vulnerability (2503658) File : nvt/secpod_ms11-026.nasl |
2011-02-05 | Name : Microsoft Internet Explorer Information Disclosure Vulnerability (2501696) File : nvt/secpod_ms_ie_mhtml_info_disc_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70693 | Microsoft Windows MHTML Protocol Handler MIME Formatted Request XSS Microsoft Windows contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the MHTML protocol handler does not properly interpret MIME-formatted requests for content blocks. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Snort® IPS/IDS
Date | Description |
---|---|
2020-01-03 | Microsoft Windows MHTML XSS attempt RuleID : 52335 - Revision : 1 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows MHTML XSS attempt RuleID : 23563 - Revision : 4 - Type : FILE-OTHER |
2014-01-10 | Microsoft MHTML XSS attempt RuleID : 23562 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | MHTML XSS attempt RuleID : 20133 - Revision : 10 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows MHTML XSS attempt RuleID : 18335 - Revision : 21 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-04-13 | Name : The remote Windows host is affected by an information disclosure vulnerability. File : smb_nt_ms11-026.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:55 |
|
2014-01-19 21:30:39 |
|