Ravens PHP Scripts

Internet Explorer Used to Exploit Windows MHTML Vulnerability
Date: Wednesday, March 16, 2011 @ 00:30:37 CET
Topic: Security

A vulnerability in the way Internet Explorer parses MHTML content—a method for combining multiple file types and HTML content into a single file—is now targeting users as part of a "drive-by" browser attack.

It's called that due to the process by which attackers exploit the loophole: They'll create a malicious website, lure a user in, and then force the user's browser to run Javascript code. This code can access information from a user's browser or, worse, entice a user to install additional code that opens up his or her system to additional hacks.

"The end result of this type of vulnerability is script encoded within the link executed in the context of the target document or target web site," write Dave Ross and Chengyun Chu in Microsoft's Security Research & Defense blog.

more: PCMag

This article comes from Ravens PHP Scripts

The URL for this story is: