Microsoft Internet Explorer MHTML Content-Location Cross Security Domain Scripting Vulnerability

Microsoft Internet Explorer is reported prone to a cross security domain scripting vulnerability. The issue is reported to present itself when a malicious MHTML file is rendered.

A proof of concept for this issue employs Content-Location attributes in a MHTML file that are sufficient to trick Internet Explorer into executing script contained in the MHTML file in the intra-net security Zone.

This issue is reported to affect Microsoft Internet Explorer when it is installed on a computer that is running Microsoft Windows XP Service Pack 2.

This BID will be updated as further analysis of this vulnerability is completed.


Privacy Statement
Copyright 2010, SecurityFocus