Forum

3.2.11

MHTML (Cross-Site Scripting Vulnerability)

Secunia Advisory SA43093
Release Date 2011-01-29

Impact: Cross Site Scripting

Where: From remote

Authentication level: Available in Customer Area

Report reliability: Available in Customer Area

Solution Status: Vendor Workaround

Systems affected: Available in Customer Area

Approve distribution: Available in Customer Area



Operating System

Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional


Secunia CVSS Score
Available in Customer Area
CVE Reference(s)
CVE-2011-0096 CVSS available in Customer Area

*Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerability is caused by an error in the way the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler interprets MIME-formatted requests for content blocks within a document. This can be exploited, for example via Internet Explorer, to execute arbitrary HTML and script code in a user's browser session in the context of a web site.
Solution: Enable the MHTML protocol lockdown (either manually or using the automated "Microsoft Fix it" solution).
Provided and/or discovered by
d4rkwind

Original Advisory
Microsoft:
http://www.microsoft.com/technet/security/advisory/2501696.mspx

Ph4nt0m Webzine 0x05 (Chinese):
http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html