CVE-2011-0096 Information

Description

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3 Windows Server 2003 SP2 Windows Vista SP1 and SP2 Windows Server 2008 Gold SP2 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer aka \MHTML Mime-Formatted Request Vulnerability.\

Reference

http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx http://osvdb.org/70693 http://secunia.com/advisories/43093 http://www.80vul.com/webzine_0x05/0x0520IEE4B88BMHTMLE58D8FE8AEAEE5B8A6E69DA5E79A84E8B7A8E59F9FE58DB1E5AEB3.html http://www.exploit-db.com/exploits/16071 http://www.kb.cert.org/vuls/id/326549 http://www.microsoft.com/technet/security/advisory/2501696.mspx http://www.securityfocus.com/bid/46055 http://www.securitytracker.com/id?1025003 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0242 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/65000 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6956