Google Says Microsoft MHTML Bug Exploited by China

Monday, March 21, 2011


Microsoft is investigating public reports of a vulnerability in all supported editions of Microsoft Windows.

The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure.

The impact is similar to server-side cross-site scripting (XSS) vulnerabilities.

MHTML, or MIME HTML, is a standard that allows web objects such as images to be combined with HTML into a single file.

The vulnerability lies in how MHTML interprets Multipurpose Internet Mail Extensions (MIME) for content blocks in a document.

Google has blamed the Chinese government for problems accessing its e-mail service in the country.

Google Security Team members said “we’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site.”

Microsoft and Google are now working on a server-side fix to reduce the risk from the MHTML vulnerability.

You can also check your machine to determine if you are vulnerable by using the test scenario previously posted by Microsoft.

As a workaround, users can also disable ActiveX, but this would affect web applications, including banking and e-commerce sites, that use ActiveX to provide online services.

Source: http://www.sectechno.com/2011/03/14/hackers-exploit-latest-microsoft-mhtml-bug/

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.