- Jan 24, 2011
- 9,378
New attacks are being reported using Internet Explorer to exploit a Windows vulnerability that was originally disclosed in January, but has not yet been patched. There is still no patch imminent, but there is a tool available from Microsoft to address the issue and protect your PC.
The actual flaw is with the MHTML protocol handler in Windows--not in Internet Explorer itself--and affects all versions of the Windows operating system. However, Internet Explorer is the only known attack vector for exploiting the vulnerability.
Attacks exploiting this flaw are similar to cross-site scripting attacks and enable the attacker to intercept and collect user information, spoof the content that is displayed to the browser, or interfere with the user's browsing experience in other ways. It is also possible that the attacker may be able to run malicious scripts within the context of the IE session.
More details - link
The actual flaw is with the MHTML protocol handler in Windows--not in Internet Explorer itself--and affects all versions of the Windows operating system. However, Internet Explorer is the only known attack vector for exploiting the vulnerability.
Attacks exploiting this flaw are similar to cross-site scripting attacks and enable the attacker to intercept and collect user information, spoof the content that is displayed to the browser, or interfere with the user's browsing experience in other ways. It is also possible that the attacker may be able to run malicious scripts within the context of the IE session.
More details - link
