Linked by HAL2001 on Mon 31st Jan 2011 22:39 UTC
Windows A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to conduct cross-site scripting (XSS) attacks. The vulnerability is caused due to an error in the way the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler interprets MIME-formatted requests for content blocks within a document.
Order by: Score:
Is this limited to IE?
by ingraham on Mon 31st Jan 2011 23:25 UTC
ingraham
Member since:
2006-05-20

Is this threat limited to IE? Or are other browsers on Windows affected as well? I can't tell from the description.

Reply Score: 1

RE: Is this limited to IE?
by ingraham on Mon 31st Jan 2011 23:39 UTC in reply to "Is this limited to IE?"
ingraham Member since:
2006-05-20

Just to answer my own question, yes, this appears to be limited to IE. InfoWorld has a story on it: http://www.infoworld.com/t/malware/what-microsoft-didnt-say-about-t...

BTW, has anybody even HEARD of MHTML? I kinda like the idea; I wouldn't mind sending somebody an MHTML doc instead of a PDF, for example. But none of the other browsers support MHTML (which is why they're safe), and I've never encountered an MHTML file in the real world.

Reply Score: 1

RE[2]: Is this limited to IE?
by vodoomoth on Wed 2nd Feb 2011 13:33 UTC in reply to "RE: Is this limited to IE?"
vodoomoth Member since:
2010-03-30

I've read an article on this vulnerability and it said Opera also handles that format.

Edited 2011-02-02 13:34 UTC

Reply Score: 2

Is this limited to IE?
by ghostdawg on Tue 1st Feb 2011 00:55 UTC
ghostdawg
Member since:
2005-12-31

I believe so. I just tried to open one with Firefox and it asked if I wanted to open it with IE. It is an MS format. You can also save the mhtml to a doc format using MS Word. It wouldn't work with Abiword either.

This site have a few saved in the format!

http://www.ensignsupport.com/cgi-bin/ensign/bb.cgi?edtFind=

Reply Score: 1

Comment by kvarbanov
by kvarbanov on Tue 1st Feb 2011 08:38 UTC
kvarbanov
Member since:
2008-06-16

Sorry, why is that a news ? MS and their IE have multiple vulnerabilities, just check this out - http://secunia.com/advisories/windows_insecure_library_loading/

Reply Score: 2