ServicesSecurity Alerts

Microsoft Internet Explorer MHTML Content-Location Cross Security Domain Scripting Vulnerability (new!)

2004-09-09 14:43:16 Marketing Dept



Vulnerability Name： Microsoft Internet Explorer MHTML Content-Location Cross Security Domain Scripting Vulnerability Published Date： 2004-08-19 Updated Date： 2004-08-23 CVE Number： CVE-MAP-NOMATCH Bugtraq ID：10979 Vulnerable： Microsoft Internet Explorer 6.0 SP1 Not Vulnerable： Description： Microsoft Internet Explorer is reported prone to a cross security domain scripting vulnerability. The issue is reported to present itself when a malicious MHTML file is rendered. A proof of concept for this issue employs Content-Location attributes in a MHTML file that are sufficient to trick Internet Explorer into executing script contained in the MHTML file in the intra-net security Zone. This issue is reported to affect Microsoft Internet Explorer when it is installed on a computer that is running Microsoft Windows XP Service Pack 2. This BID will be updated as further analysis of this vulnerability is completed. Vender Status： No Patch. Solution： Currently we are not aware of any vendor-supplied patches for this issue.

Editor： Marketing Dept

【Large Medium Small】【close】

■ LINK:

®2004 Information Security One (China) Ltd. All right reserved | Privacy Policy | Legal Notice