[Owasp-Malaysia] How Far We Are From The Real Working Trojan VU#326549

Harisfazillah Jamel linuxmalaysia at gmail.com
Tue Feb 1 10:37:24 EST 2011


Assalamualaikum and salam sejahtera,

How far are we from wild working script?

Microsoft Windows MHTML script injection vulnerability

http://www.kb.cert.org/vuls/id/326549

The vulnerability exists due to the way MHTML interprets
MIME-formatted requests for content blocks within a document. It is
possible under certain conditions for this vulnerability to allow an
attacker to inject a client-side script in the response of a Web
request run in the context of the victim's Internet Explorer. The
script could spoof content, disclose information, or take any action
that the user could take on the affected Web site on behalf of the
targeted user.


More information about the Owasp-Malaysia mailing list