SecurityTracker.com
SecurityTracker Archives
Category: OS (Microsoft) > Windows DLL (Any)
Vendors: Microsoft
Microsoft MHTML Input Validation Hole Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1025655
SecurityTracker URL: http://securitytracker.com/id/1025655
CVE Reference: CVE-2011-1894
Updated: Nov 9 2011
Original Entry Date: Jun 14 2011
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
Description: A vulnerability was reported in Microsoft MHTML. A remote user can conduct cross-site scripting attacks.

A remote user can create specially crafted HTML containing the <EMBED> tag that, when loaded by a target user, will trigger a flaw in the MHTML protocol handler and cause arbitrary scripting code to be executed by the target user's browser. The code will run in the security context of an arbitrary site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the affected site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued the following fixes:
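The advisory describes the vector only at the level of "HTML containing the <EMBED> tag that triggers the MHTML protocol handler". A practitioner filtering user-supplied HTML (a web application that stores rich text, a mail gateway, a proxy) would want a concrete check for that pattern. The following is an added example, not code from SecurityTracker or Microsoft: it parses HTML and reports embedding elements whose URL attribute uses the `mhtml:` scheme. It assumes the scheme name `mhtml:` is what the "MHTML protocol handler" in the advisory dispatches on, and it generalizes beyond the EMBED tag named in the text to OBJECT, IFRAME and FRAME, which also load a URL (an assumption, not something the advisory states). The sample HTML is constructed for the example.

```python
"""Content check for mhtml: references in embedding tags (defensive filter).

Added example for the CVE-2011-1894 advisory; not vendor code. Assumes the
mhtml: URL scheme is the entry point into the MHTML protocol handler.
"""
from dataclasses import dataclass
from html.parser import HTMLParser

# EMBED is the tag named in the advisory; the others are an assumed
# generalization to every element that loads a URL into the page.
EMBEDDING_TAGS = {"embed", "object", "iframe", "frame"}
URL_ATTRS = {"src", "data"}


@dataclass
class Finding:
    tag: str
    attr: str
    value: str   # raw attribute value as written in the document
    line: int    # 1-based line of the tag, for reporting


def normalize_scheme(value: str) -> str:
    """Fold the tricks a naive string match misses: leading whitespace,
    embedded tabs/newlines/NULs inside the scheme, and mixed case."""
    cleaned = "".join(ch for ch in value if ch not in "\t\r\n\x00")
    return cleaned.strip().lower()


class MhtmlEmbedScanner(HTMLParser):
    """Collects embedding tags whose URL attribute starts with mhtml:."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[Finding] = []

    def handle_starttag(self, tag, attrs):
        # handle_startendtag (e.g. <embed .../>) routes here as well.
        if tag.lower() not in EMBEDDING_TAGS:
            return
        for name, value in attrs:
            if value is None or name.lower() not in URL_ATTRS:
                continue
            # HTMLParser has already decoded character references in the
            # attribute value, so mh&#116;ml: arrives here as mhtml:.
            if normalize_scheme(value).startswith("mhtml:"):
                line, _offset = self.getpos()
                self.findings.append(Finding(tag.lower(), name.lower(), value, line))


def find_mhtml_embeds(html: str) -> list[Finding]:
    """Return every embedding tag in `html` that references an mhtml: URL."""
    scanner = MhtmlEmbedScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: one benign embed, then three variants a filter
# should catch (plain, mixed case with leading space, entity-encoded).
SAMPLE_HTML = """<html><body>
<p>benign text</p>
<embed src="https://example.test/clip.swf" type="application/x-shockwave-flash">
<embed src="mhtml:http://example.test/page.mht">
<iframe src=" MHTML:http://example.test/other.mht"></iframe>
<object data="mh&#116;ml:http://example.test/third.mht"></object>
</body></html>"""


if __name__ == "__main__":
    for f in find_mhtml_embeds(SAMPLE_HTML):
        print(f"line {f.line}: <{f.tag} {f.attr}=...> references {f.value!r}")
```

Run it over HTML before it is stored or relayed and reject or strip the flagged elements. The normalization step matters more than the tag list: a filter that only does `'mhtml:' in src` misses the mixed-case and whitespace-padded forms, while one that does not run a real HTML parser misses the entity-encoded form. Patching per the Solution section below is the actual fix; this check is a compensating control for content that reaches unpatched clients.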

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=CE5BC2D7-9438-4BF0-BE5E-BE9DD00C3286

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7B211B02-A005-46A3-AD1D-D4BAAEEC8289

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=6427EA5D-05D0-4367-805C-9CB305802B3C

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E7F65891-32C0-4817-B3B2-D8BE73145DF9

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=CA8B1D09-9F80-417B-99B1-8F86E86E1F11

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=EBEA38A7-1FBE-4141-A529-52D7A7326D6A

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=54833350-A385-4A31-995A-9DDC38798C21

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=6A3BBD67-94DB-40B2-8786-CB39A493EC92

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=4CB870F3-9878-4075-B8FD-2EE90C8E3BC8

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E1243011-00E6-49F2-A676-C04CB805D36A

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=C3647646-658A-423B-B0CB-BBA7613B67E7

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=7996511D-4B8E-49C3-A0FA-4DA907A6C947

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=40354F73-4F4D-4A4A-ABAC-F8A3D4C3AE5F

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=22853823-8F63-4258-8991-1AD50E58A0D9

A restart may be required.

[Editor's note: On November 8, 2011, the vendor reissued this bulletin to indicate that customers using Windows XP or Windows Server 2003 should install the re-offered update even if they successfully installed the update originally offered on June 14, 2011.]

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-037.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-037.mspx
Cause: Input validation error

Message History: None.

Source Message Contents

[Original Message Not Available for Viewing]
Copyright 2019, SecurityGlobal.net LLC