
T-578: Vulnerability in MHTML Could Allow Information Disclosure

March 15, 2011 - 3:05pm


PROBLEM:

Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session.

PLATFORM:

Windows 2003 SP2, Vista SP2, 2008 SP2, XP SP3, 7; and prior service packs

ABSTRACT:

A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks.

REFERENCE LINKS:

Microsoft Security Advisory (2501696)
CVE-2011-0096
SecurityTracker Alert ID: 1025003
Bugtraq ID: 46055

IMPACT ASSESSMENT:

Moderate

Discussion:

The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.

Impact:

Microsoft Windows is prone to a vulnerability that may allow attackers to inject arbitrary script code into the current browser session.
A successful exploit will result in the execution of arbitrary attacker-supplied script code in the context of Internet Explorer. This may allow the attacker to obtain sensitive information, spoof content, or perform arbitrary actions on a targeted website in the context of the victim.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the target site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Affected software versions:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1**
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

**Server Core installation not affected. The vulnerability described in this advisory does not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option.

Solution:

Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems.
Microsoft Security Response Center

Related References: DOE-CIRC Tech Bulletin T-546.

 
