Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1132 Views 0 Replies Latest reply: Mar 25, 2011 8:41 PM by mirrorless RSS
mirrorless Champion 226 posts since
Mar 3, 2011
Currently Being Moderated

Mar 25, 2011 8:41 PM

Google & MHTML exploitation in China

Is anyone seeing sites in china having this issue?

 


Google Says Microsoft MHTML Bug Exploited by China

Monday, March 21, 2011



Headlines

                                              69dafe8b58066478aea48f3d0f384820

Microsoft is investigating public reports of a vulnerability in all  supported editions of Microsoft Windows.

The vulnerability could allow  an attacker to cause a victim to run malicious scripts when visiting  various Web sites, resulting in information disclosure.

The impact is  similar to server-side cross-site scripting (XSS) vulnerabilities.

MHTML, or Mime HTML, is a standard that allows web objects such as  images to be combined with HTML into a single file.

The vulnerability  lies in how MHTML interprets Multipurpose Internet Mail Extensions  (Mime) for content blocks in a document.

Google has blamed the Chinese government for problems accessing its e-mail service in the country.

Google Security Team members said “we’ve noticed some highly targeted and apparently  politically motivated attacks against our users. We believe activists  may have been a specific target. We’ve also seen attacks against users  of another popular social site.”

Now we are finding that Microsoft and Google are working to create a  fix on the server side to reduce the risk of MHTML Vulnerability.

You can also check your machine to determine if you are vulnerable by  using the test scenario previously posted by Microsoft.

As a workaround user can also disable ActiveX, but this would affect  web applications including banking and e-commerce sites that use ActiveX  to provide online services.

Source:  http://www.sectechno.com/2011/03/14/hackers-exploit-latest-microsoft-mhtml-bug/

 

 

Microsoft, Google warn of limited MHTML exploits - SC Magazine US

 

Cybercriminals are launching "limited, targeted attacks" against an unpatched scripting vulnerability that affects all supported versions of Windows, Microsoft has warned.

The bug, disclosed in January, is present in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler, used by applications to render certain types of documents. It is similar to a cross-site scripting issue.

Unsuspecting Internet Explorer users could become victims if they are tricked into visiting a specially crafted website that forces them to run malicious scripts, Microsoft said in its advisory, which was updated Friday to reflect the discovery of in-the-wild attacks.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points