Yet Another Microsoft IE Cross Site Scripting Bug

From http://www.networkworld.com/news/2011/012811-microsoft-warns-of-new-windows.html

See the security advisory issued by Microsoft on the Windows MHTML (MIME HTML) protocol handler, which concerns malicious scripts running within Internet Explorer. The article says:

“An attacker could pretend to be the user, and act as if he was you on that specific site,” said Storms. “If you were at Gmail.com or Hotmail.com, he could send e-mail as you.”
Microsoft elaborated on the threat. “Such a script might collect user information, for example e-mail, spoof content displayed in the browser or otherwise interfere with the user’s experience,” said Angela Gunn, a Microsoft security spokeswoman, in a post to the Microsoft Security Response Center (MSRC) blog.

Apparently Microsoft does not have a patch, but has provided a “Fixit” tool that automates the process of editing the Windows registry and lets users continue to run MHTML files that include scripting after approving them in a UAC warning box. To get the Fixit tool, go to Microsoft’s support site.

