Lucene search

K
cve[email protected]CVE-2011-0096
HistoryJan 31, 2011 - 8:00 p.m.

CVE-2011-0096

2011-01-3120:00:49
CWE-79
web.nvd.nist.gov
36
cve-2011-0096
mhtml
protocol handler
vulnerability
microsoft windows
cross-site scripting
xss
nvd
security
internet explorer

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.971 High

EPSS

Percentile

99.8%

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka “MHTML Mime-Formatted Request Vulnerability.”

Affected configurations

NVD
Node
microsoftwindows_2003_serversp2
OR
microsoftwindows_2003_serversp2itanium
OR
microsoftwindows_7Match-
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008sp2x32
OR
microsoftwindows_server_2008sp2x64
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_server_2008Matchr2itanium
OR
microsoftwindows_server_2008Matchr2x64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_xpsp2x64
OR
microsoftwindows_xpsp3

References

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.971 High

EPSS

Percentile

99.8%