Microsoft Internet Explorer MHTML Content-Location Cross Security Domain Scripting Vulnerability
Microsoft Internet Explorer is reported prone to a cross security domain scripting vulnerability. The issue is reported to present itself when a malicious MHTML file is rendered.
A proof of concept for this issue employs Content-Location attributes in a MHTML file that are sufficient to trick Internet Explorer into executing script contained in the MHTML file in the intra-net security Zone.
This issue is reported to affect Microsoft Internet Explorer when it is installed on a computer that is running Microsoft Windows XP Service Pack 2.
This BID will be updated as further analysis of this vulnerability is completed.