Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)

Microsoft Internet Explorer Information Disclosure Vulnerability (2501696) impacting IE 5.x to 8.x. Allows remote attackers to spoof content and disclose information

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2011-0096	29 Jan 201100:00	–	circl
Check Point Advisories	Microsoft Internet Explorer MHTML Content Blocks Information Disclosure (CVE-2011-0096; CVE-2011-1894)	30 Jan 201100:00	–	checkpoint_advisories
Check Point Advisories	Microsoft Internet Explorer MHTML Content Blocks Information Disclosure - Ver2 (CVE-2011-0096)	18 May 201500:00	–	checkpoint_advisories
CVE	CVE-2011-0096	31 Jan 201119:00	–	cve
Cvelist	CVE-2011-0096	31 Jan 201119:00	–	cvelist
NVD	CVE-2011-0096	31 Jan 201120:00	–	nvd
OpenVAS	Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)	5 Feb 201100:00	–	openvas
OpenVAS	Windows MHTML Information Disclosure Vulnerability (2503658)	13 Apr 201100:00	–	openvas
OpenVAS	Windows MHTML Information Disclosure Vulnerability (2503658)	13 Apr 201100:00	–	openvas
Prion	Cross site scripting	31 Jan 201120:00	–	prion

Source	Link
support	www.support.microsoft.com/kb/2501696
microsoft	www.microsoft.com/technet/security/advisory/2501696.mspx
downloads	www.downloads.securityfocus.com/vulnerabilities/exploits/46055.txt

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ms_ie_mhtml_info_disc_vuln.nasl 6526 2017-07-05 05:43:52Z cfischer $
#
# Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)
#
# Authors:
# Antu Sanadi <[email protected]>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_solution = "Apply the patch from below link,
  http://support.microsoft.com/kb/2501696

  Workaround:
  Apply workaround as in the advisory.";

tag_impact = "Successful exploitation will allow remote attackers to spoof content,
  disclose information or take any action that the user could take on the
  affected Web site on behalf of the targeted user.
  Impact Level:System/ Application";
tag_affected = "Internet Explorer Version 5.x, 6.x, 7.x and 8.x";
tag_insight = "The vulnerability exists due to the way MHTML interprets MIME-formatted
  requests for content blocks within a document, which allows an attacker to
  inject a client-side script in the response of a Web request run in the
  context of the victim's Internet Explorer.";
tag_summary = "The host is installed with Internet Explorer and is prone to information
  disclosure vulnerability.

  This NVT has been replaced by NVT secpod_ms11-026.nasl
  (OID:1.3.6.1.4.1.25623.1.0.902409).";

if(description)
{
  script_id(902285);
  script_version("$Revision: 6526 $");
  script_tag(name:"deprecated", value:TRUE);
  script_tag(name:"last_modification", value:"$Date: 2017-07-05 07:43:52 +0200 (Wed, 05 Jul 2017) $");
  script_tag(name:"creation_date", value:"2011-02-05 04:12:38 +0100 (Sat, 05 Feb 2011)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_cve_id("CVE-2011-0096");
  script_bugtraq_id(46055);
  script_name("Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)");

  script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2501696");
  script_xref(name : "URL" , value : "http://www.microsoft.com/technet/security/advisory/2501696.mspx");
  script_xref(name : "URL" , value : "http://downloads.securityfocus.com/vulnerabilities/exploits/46055.txt");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 SecPod");
  script_family("General");
  script_dependencies("gb_ms_ie_detect.nasl");
  script_mandatory_keys("MS/IE/Version");
  script_require_ports(139, 445);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

exit(66); ## This NVT is deprecated as addressed in secpod_ms11-026.nasl.

include("smb_nt.inc");

ieVer = get_kb_item("MS/IE/Version");
if(isnull(ieVer)){
  exit(0);
}

## Key will be added after apllying the patch
if(!registry_key_exists(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
                            "\Internet Settings\RestrictedProtocols"))
{
  # Checking for value after applying patch
  value = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
                          "\Internet Settings\RestrictedProtocols\1", item:"mhtml");
  if("mhtml" >!< value)
  {
    # checking for protocol setting after the patch
    pValue = registry_get_dword(key:"SOFTWARE\Microsoft\Internet Explorer\Main" +
                         "\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN", item:"explorer.exe");
    if(pValue != "1" && (pValue == 0))
    {
      # Check for version
      if(ieVer =~ "^[5|6|7|8|9]\.*"){
        security_message(0);
      }
    }
  }
}

05 Jul 2017 00:00Current

6.3Medium risk

Vulners AI Score6.3

EPSS0.70144