MSFN Forum: 900 million Internet Explorer users hit by bug - You're probably one of them!


Posted on Feb 01 2011 08:51 PM by xper  in Security | Viewed 2855 Times

Are you a Windows user that still surfs the web with Internet Explorer? Well, if you are one of the 900 million who do, you need to sit up and pay attention to a new vulnerability that affects you. Details here:

Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability.

The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim’s Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.


This issue affects ALL versions of Windows, from XP SP3 all the way to Windows 7 and Windows Server 2008 R2 (Server Core installations are unaffected).

Microsoft has published a one-click “Fix it” workaround for the bug that involved locking down MHTML. This will prevent the launch of script in all zones within an MHTML document. Any application that uses MHTML will be affected by this workaround.

Source: ZDNet




2 Comments


cantoris 

01 February 2011 - 04:40 PM
Yawn yawn yawn.
Why the silly alarmist IE-bashing tone about a vulnerability for which no attack yet exists and for which MS have provided a workaround already?

Anyone who's read Secunia's stuff in the past will know Firefox et al are not sweetness and light when it comes to security vulnerabilities.

Maxfutur 

03 February 2011 - 12:19 AM
@cantoris
I think the problem is very clear:

Quote

published information and proof-of-concept code that attempts to exploit this vulnerability.


When bugs or 'vulnerabilities' don't get disclosed meaning where is the risk, they keep it like "security risk in IE" or so.