[Owasp-Malaysia] How Far We Are From The Real Working Trojan VU#326549

najmi.zabidi at gmail.com najmi.zabidi at gmail.com
Tue Feb 1 19:42:44 EST 2011


terbayang bro haris keje kat myCERT & wear that_uniform.


On Tue, Feb 1, 2011 at 11:45 PM, Harisfazillah Jamel
<linuxmalaysia at gmail.com> wrote:
> Forget to put in Mycert link
>
> MA-265.012011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows
>
> http://www.mycert.org.my/en/services/advisories/mycert/2011/main/detail/801/index.html
>
> On Tue, Feb 1, 2011 at 11:37 PM, Harisfazillah Jamel
> <linuxmalaysia at gmail.com> wrote:
>> Assalamualaikum and salam sejahtera,
>>
>> How far are we from wild working script?
>>
>> Microsoft Windows MHTML script injection vulnerability
>>
>> http://www.kb.cert.org/vuls/id/326549
>>
>> The vulnerability exists due to the way MHTML interprets
>> MIME-formatted requests for content blocks within a document. It is
>> possible under certain conditions for this vulnerability to allow an
>> attacker to inject a client-side script in the response of a Web
>> request run in the context of the victim's Internet Explorer. The
>> script could spoof content, disclose information, or take any action
>> that the user could take on the affected Web site on behalf of the
>> targeted user.
>>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>


More information about the Owasp-Malaysia mailing list