The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability alert CVE-2011-1894

Windows: script execution via MHTML

Synthesis of the vulnerability

An attacker can invite the victim to click on a "mhtml:" link, in order to execute script code on his computer.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows 95, Windows Vista, Windows XP.
Severity of this bulletin: 2/4.
Consequences of an intrusion: user access/rights, data reading.
Hacker's origin: document.
Creation date: 15/06/2011.
Références of this threat: 2544893, BID-48205, CERTA-2011-AVI-345, CVE-2011-1894, MS11-037, VIGILANCE-VUL-10731.

Description of the vulnerability

The RFC 2557 defines the MHTML (MIME Encapsulation of HTML) format, which is used to store in one file an HTML document and its images . When the user clicks on a "mhtml:" url, Internet Explorer is called.

The HTML "EMBED" element is used to insert a document (audio, video, etc.) in an HTML page. However, EMBED elements can also contain script code, which is interpreted by Internet Explorer in the wrong security context.

An attacker can therefore invite the victim to click on a "mhtml:" link, in order to execute script code on his computer.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.