| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS11-037 | Vulnerability in MHTML Could Allow Information Disclosure (2544893) | Windows XP | Critical | 15-06-2011 |
Technical Information
Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker’s web site.
Detailed Information on the risk:
An information disclosure vulnerability exists in the way that MHTML interprets MIME-formatted requests for content that are embedded in an HTML document. Similar to server-side cross-site scripting (XSS) vulnerabilities, it is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response to a web request run in the context of the user’s instance of Internet Explorer.
Further information on this exploit is available at : MS11-037
Affected Software
Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1**
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1