Jumat, 16 September 2011

Microsoft Releases “Fixit” for MHTML Script Injection Vulnerability

Recently Microsoft released Security Advisory 2501696 to alert customers to a publicly disclosed vulnerability in the MHTML protocol handler. This vulnerability could allow attackers to construct malicious links pointing to HTML documents that, when clicked, would render the targeted document and reflected script in the security context of the user and target location. The end result of this type of vulnerability is script encoded within the link executed in the context of the target document or target web site. By default, the MHTML protocol handler is vulnerable on Windows XP and all later supported Windows versions. Internet Explorer is an attack vector, but because this is a Windows vulnerability, the version of IE is not relevant.
To fix this vulnerability, download following "Fixit" solution to enable the Network Protocol Lockdown for mhtml: for all security zones:
Download Link
More Info

0 komentar:

Posting Komentar

### ###