MHTML vulnerability under active exploitation

News / Stories Privacy Attacks

The flaw, which was first highlighted by Microsoft in an advisory in January, allows an attacker to inject a client-side script into the response to a request made by Internet Explorer.

The script could allow a hacker to compromise the user by performing actions online that appear to have originated from the user; by stealing information from the user; or by otherwise trying to fool them.

MHTML, or Mime HTML, is a standard that allows web objects such as images to be combined with HTML into a single file. The vulnerability lies in how MHTML interprets Multipurpose Internet Mail Extensions (Mime) for content blocks in a document.

All these attacks abuse a publicly-disclosed MHTML vulnerability for which an exploit was publicly posted in January 2011.

Users browsing with the Internet Explorer browser are affected.

For now, users and corporations seriously consider deploying Microsoft’s temporary Fixit to block this attack until an official patch is available.

Paper: Hacking with mhtml protocol handler