Summary
The host is installed with Internet Explorer and is prone to information disclosure vulnerability.
This NVT has been replaced by NVT secpod_ms11-026.nasl (OID:1.3.6.1.4.1.25623.1.0.902409).
Impact
Successful exploitation will allow remote attackers to spoof content, disclose information or take any action that the user could take on the affected Web site on behalf of the targeted user.
Impact Level:System/ Application
Solution
Apply the patch from below link,
http://support.microsoft.com/kb/2501696
Workaround:
Apply workaround as in the advisory.
Insight
The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document, which allows an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer.
Affected
Internet Explorer Version 5.x, 6.x, 7.x and 8.x
References
Severity
Classification
-
CVE CVE-2011-0096 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- aMSN session hijack vulnerability (Windows)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
- Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)