The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."

Vulnerable Product |
---|
microsoft windows server 2008 |
microsoft windows server 2008 r2 |
microsoft windows xp |
microsoft windows server 2008 - |
microsoft windows 7 - |
microsoft windows vista |
microsoft windows server 2003 |
microsoft windows 2003 server |

This month, Microsoft is releasing 17 bulletins to address 63 security vulnerabilities across a wide range of Windows products. Out of these vulnerabilities, 12 are rated critical and 51 important. About half of these vulnerabilities are being patched with the MS11-034 bulletin. They all involve Elevation of Privilege vulnerabilities in the Windows kernel. Elevation of privilege vulnerabilities have gained a lot in popularity as Windows 7 and the use of sandboxes have been gaining traction. Thes...
Microsoft released another heap of patches today, twelve to be exact. Most interesting is the IE CSS parser vulnerability that was exploited with a new Eleonore Exploit Pack release, v1.6.3a, selling for over $2,000 with the 0day, some new exploits, and interesting anti-research and tracking functionality. The vulnerability has been publicly disclosed by a Chinese researcher since at least late November. Also interesting enough to deserve a security advisory and FixIt patch, is a vulnerability d...
This month’s patch Tuesday is comprised of three bulletins covering four vulnerabilities. Two bulletins affect Windows while the other affects Office. The Windows vulnerabilities affect all currently supported client OS’s. The only critical vulnerability of this month belongs to Windows Media. A maliciously crafted MS-DVR file can allow for remote code execution. The affected products are Windows Media, Groove and Remote Desktop. Two vulnerabilities are being fixed in Windows Media. All thre...