Forget to put in Mycert link MA-265.012011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows
http://www.mycert.org.my/en/services/advisories/mycert/2011/main/detail/801/index.html On Tue, Feb 1, 2011 at 11:37 PM, Harisfazillah Jamel <[email protected]> wrote: > Assalamualaikum and salam sejahtera, > > How far are we from wild working script? > > Microsoft Windows MHTML script injection vulnerability > > http://www.kb.cert.org/vuls/id/326549 > > The vulnerability exists due to the way MHTML interprets > MIME-formatted requests for content blocks within a document. It is > possible under certain conditions for this vulnerability to allow an > attacker to inject a client-side script in the response of a Web > request run in the context of the victim's Internet Explorer. The > script could spoof content, disclose information, or take any action > that the user could take on the affected Web site on behalf of the > targeted user. > _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
