Executive Summary
Summary | |
---|---|
Title | Microsoft Windows MHTML script injection vulnerability |
Informations | |||
---|---|---|---|
Name | VU#326549 | First vendor Publication | 2011-01-28 |
Vendor | VU-CERT | Last vendor Modification | 2011-04-12 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#326549Microsoft Windows MHTML script injection vulnerabilityOverviewMicrosoft Windows contains an script injection vulnerability in the MHTML protocol handler, which may allow an attacker to execute arbitrary script within the context of another website domain.I. DescriptionMicrosoft Windows contains a script injection vulnerability caused by the way MHTML interprets MIME-formatted requests for content blocks within a document. According to Microsoft TechNet Security Research & Defense blog: "It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user."II. ImpactBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker may be able to obtain access to web content in another domain. The impact is similar to that of a cross-site scripting vulnerability. For a more detailed description of the impact of cross-site scripting vulnerabilities, please see CERT Advisory CA-2000-02.III. SolutionApply an updateThis issue is addressed in Microsoft Security Bulletin MS11-026. Lock down the MHTML protocol handler
Referenceshttp://www.microsoft.com/technet/security/bulletin/ms11-026.mspx Thanks to Microsoft Security Response Center for reporting this vulnerability. This document was written by Michael Orlando.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/326549 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6956 | |||
Oval ID: | oval:org.mitre.oval:def:6956 | ||
Title: | MHTML Mime-Formatted Request Vulnerability | ||
Description: | The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0096 | Version: | 11 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-04-13 | Name : Windows MHTML Information Disclosure Vulnerability (2503658) File : nvt/secpod_ms11-026.nasl |
2011-02-05 | Name : Microsoft Internet Explorer Information Disclosure Vulnerability (2501696) File : nvt/secpod_ms_ie_mhtml_info_disc_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70693 | Microsoft Windows MHTML Protocol Handler MIME Formatted Request XSS Microsoft Windows contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the MHTML protocol handler does not properly interpret MIME-formatted requests for content blocks. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Snort® IPS/IDS
Date | Description |
---|---|
2020-01-03 | Microsoft Windows MHTML XSS attempt RuleID : 52335 - Revision : 1 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows MHTML XSS attempt RuleID : 23563 - Revision : 4 - Type : FILE-OTHER |
2014-01-10 | Microsoft MHTML XSS attempt RuleID : 23562 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | MHTML XSS attempt RuleID : 20133 - Revision : 10 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows MHTML XSS attempt RuleID : 18335 - Revision : 21 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-04-13 | Name : The remote Windows host is affected by an information disclosure vulnerability. File : smb_nt_ms11-026.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:28:01 |
|
2013-05-11 00:57:01 |
|