Just a quick follow up on the Microsoft Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding Microsoft’s recent MHTML vulnerability, which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our signature database. Although reports remain low so far, any vulnerability in a particular version of Microsoft Windows
Microsoft Security Response Center – Microsoft releases Security Advisory 2501696
Microsoft Support – Microsoft Security Advisory: Vulnerability in MHTML could allow information disclosure
Microsoft TechNet – Microsoft Security Advisory (2501696): Vulnerability in MHTML Could Allow Information Disclosure
Microsoft Technet Blog – More information about the MHTML Script Injection vulnerability
MITRE CVE List – Common Vulnerabilities and Exposures: CVE-2011-0096
Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher