Vulnerability CVE-2011-0096

Vulnerability CVE-2011-0096

Published: 2011-01-31 Modified: 2012-02-13

Description:

	Topic	Author	Date
Low	Microsoft Internet Explorer MHTML Protocol Handler XSS	80vul	01.02.2011

Type:

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx

http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx

http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html

http://www.exploit-db.com/exploits/16071

http://www.kb.cert.org/vuls/id/326549

http://www.microsoft.com/technet/security/advisory/2501696.mspx

http://www.securityfocus.com/bid/46055

http://www.securitytracker.com/id?1025003

http://www.us-cert.gov/cas/techalerts/TA11-102A.html

http://www.vupen.com/english/advisories/2011/0242

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-026

https://exchange.xforce.ibmcloud.com/vulnerabilities/65000

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6956