Windows : Microsoft Bulletins : Windows MHTML Information Disclosure Vulnerability (2503658)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902409

Categoría: Windows : Microsoft Bulletins

Título: Windows MHTML Information Disclosure Vulnerability (2503658)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS11-026.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS11-026.

Vulnerability Insight:
The flaw is caused by an error in the way MHTML (MIME Encapsulation of Aggregate
HTML) interprets MIME-formatted requests for content blocks within a document,
which could allow attackers to inject a client-side script in the response of a
web request run in the context of Internet Explorer by tricking a user into
following a specially crafted 'MHTML:' link.

Vulnerability Impact:
Successful exploitation could allow attackers to gain knowledge of sensitive
information.

Affected Software/OS:
- Microsoft Windows 7 Service Pack 1 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 2 and prior

- Microsoft Windows Server 2008 Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0096
BugTraq ID: 46055
http://www.securityfocus.com/bid/46055
Cert/CC Advisory: TA11-102A
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
CERT/CC vulnerability note: VU#326549
http://www.kb.cert.org/vuls/id/326549
http://www.exploit-db.com/exploits/16071
http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html
Microsoft Security Bulletin: MS11-026
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-026
http://osvdb.org/70693
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6956
http://www.securitytracker.com/id?1025003
http://secunia.com/advisories/43093
http://www.vupen.com/english/advisories/2011/0242
XForce ISS Database: ms-win-mhtml-info-disclosure(65000)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65000

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902409
Categoría:	Windows : Microsoft Bulletins
Título:	Windows MHTML Information Disclosure Vulnerability (2503658)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS11-026.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-026. Vulnerability Insight: The flaw is caused by an error in the way MHTML (MIME Encapsulation of Aggregate HTML) interprets MIME-formatted requests for content blocks within a document, which could allow attackers to inject a client-side script in the response of a web request run in the context of Internet Explorer by tricking a user into following a specially crafted 'MHTML:' link. Vulnerability Impact: Successful exploitation could allow attackers to gain knowledge of sensitive information. Affected Software/OS: - Microsoft Windows 7 Service Pack 1 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0096 BugTraq ID: 46055 http://www.securityfocus.com/bid/46055 Cert/CC Advisory: TA11-102A http://www.us-cert.gov/cas/techalerts/TA11-102A.html CERT/CC vulnerability note: VU#326549 http://www.kb.cert.org/vuls/id/326549 http://www.exploit-db.com/exploits/16071 http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html Microsoft Security Bulletin: MS11-026 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-026 http://osvdb.org/70693 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6956 http://www.securitytracker.com/id?1025003 http://secunia.com/advisories/43093 http://www.vupen.com/english/advisories/2011/0242 XForce ISS Database: ms-win-mhtml-info-disclosure(65000) https://exchange.xforce.ibmcloud.com/vulnerabilities/65000
Copyright	Copyright (C) 2011 Greenbone AG