[Owasp-Malaysia] How Far We Are From The Real Working Trojan VU#326549

Harisfazillah Jamel linuxmalaysia at gmail.com
Tue Feb 1 10:45:34 EST 2011

Forget to put in Mycert link

MA-265.012011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows


On Tue, Feb 1, 2011 at 11:37 PM, Harisfazillah Jamel
<linuxmalaysia at gmail.com> wrote:
> Assalamualaikum and salam sejahtera,
> How far are we from wild working script?
> Microsoft Windows MHTML script injection vulnerability
> http://www.kb.cert.org/vuls/id/326549
> The vulnerability exists due to the way MHTML interprets
> MIME-formatted requests for content blocks within a document. It is
> possible under certain conditions for this vulnerability to allow an
> attacker to inject a client-side script in the response of a Web
> request run in the context of the victim's Internet Explorer. The
> script could spoof content, disclose information, or take any action
> that the user could take on the affected Web site on behalf of the
> targeted user.

More information about the Owasp-Malaysia mailing list