[Owasp-Malaysia] How Far We Are From The Real Working Trojan VU#326549

Harisfazillah Jamel linuxmalaysia at gmail.com
Tue Feb 1 10:45:34 EST 2011


Forget to put in Mycert link

MA-265.012011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows

http://www.mycert.org.my/en/services/advisories/mycert/2011/main/detail/801/index.html

On Tue, Feb 1, 2011 at 11:37 PM, Harisfazillah Jamel
<linuxmalaysia at gmail.com> wrote:
> Assalamualaikum and salam sejahtera,
>
> How far are we from wild working script?
>
> Microsoft Windows MHTML script injection vulnerability
>
> http://www.kb.cert.org/vuls/id/326549
>
> The vulnerability exists due to the way MHTML interprets
> MIME-formatted requests for content blocks within a document. It is
> possible under certain conditions for this vulnerability to allow an
> attacker to inject a client-side script in the response of a Web
> request run in the context of the victim's Internet Explorer. The
> script could spoof content, disclose information, or take any action
> that the user could take on the affected Web site on behalf of the
> targeted user.
>


More information about the Owasp-Malaysia mailing list