- Jan 7, 2011
A few days ago, Microsoft released a security bulletin warning of a new unpatched Windows vulnerability affecting all Windows versions from Windows XP through to Windows 7.
The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure.
The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer.
Although there is no patch for this vulnerability, Microsoft offers a Fix-It solution as a workaround.
Update: Though the flaw was disclosed on January 15, it's a variation of a problem first discovered in 2004, and first reported in 2007. After the 2007 report, Microsoft issued a patch, but as the latest report reveals, the patch was not completely effective.
Source: Ars Technica