Thursday, February 23, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
New Razer Power Bank Will Charge Your Laptop, Smartphones
New HARMAN Infotainment System Integrates Apple CarPlay Through Wireless Connectivity
TSMC Outlines Its 5-nanometer Road Map
Qualcomm To Offer Developers VR Headset Powered By The With Snapdragon 835
New UHS-III SD Cards Will Offer Up To 624 MBps Transfer Rates
Google AI Tools Lets You Identify Malicious Comments on Your Website's Articles
Samsung Mass Produces 10nm Exynos 9 Application Processor
LG's Super UHD TV with Nano Cell Technology Complements OLED TVs in The Company's Premium TV Lineup
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Saturday, January 29, 2011
Microsoft Warns Of New IE Bug


Microsoft on Friday warned Windows users of a new vulnerability that attackers could exploit to steal information and dupe people into installing malware.

The company is investigating public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities, Microsoft said.

MHTML is a Web page protocol that combines resources of several different formats into a single file. Only Microsoft's IE and Opera Software's Opera support MHTML natively, while Google's Chrome and Apple's Safari do not, and Firefox requires an add-on to read and write MHTML files.

The company is aware of published information and proof-of-concept code that attempts to exploit this vulnerability but it has not yet seen any indications of active exploitation of the vulnerability.

"The vulnerability exists due to the way MHTML (MIME Encapsulation of Aggregate HTML) protocol interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user," Microsoft said.

The impact of an attack on the vulnerability would be similar to that of server-side cross-site-scripting (XSS) vulnerabilities. For instance, an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session. Such a script might collect user information (eg., email), spoof content displayed in the browser, or otherwise interfere with the user's experience.

The workaround: Microsoft is recommending users apply locks down the MHTML protocol by running a "Fixit" tool it's made available.

Microsoft is currently working on a security update to address this vulnerability.


Previous
Next
Sony Unveils Slate of New Games for the PlayStation Network        All News        Intel SSD 510 Series With SATA III Interface Available For Pre-order
MPAA and BREIN Shut Down More Than 50 Torrent Sites     General Computing News      Wikileaks Rival OpenLeaks.org Goes Public

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft's Outlook.com Premium Emal Service Now Available
GLOBALFOUNDRIES Invests For Capacity Growth In The US, Germany, China and Singapore
Microsoft To Give A Face Lifting To Windows 10 With 'Project NEON'
The ZTE Axon 7 Gets Daydream VR Compatibility
Microsoft's Web Bowsers Loose Share, Chrome Continues To March
Microsoft Edge Will Soon Get New Features
Cloud Services Boost Microsoft's Sales And Profit
Microsoft Announces Intune for Education And New Windows 10 PCs for School
CES: Nvidia Announces New SHIELD TV, GeForce NOW service, AI Car Projects
LaCie Upgrades The d2 and Rugged Drives
Microsoft, NXP Semiconductors, IAV and Auto Mobility Partners showcase Technologies For Safe And Personalized Automated Friving at CES 2017
Microsoft Partners with TomTom Mapping Company On Azure

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .