Recently Microsoft released Security Advisory 2501696 to alert customers to a publicly disclosed vulnerability in the MHTML protocol handler. This vulnerability could allow attackers to construct malicious links pointing to HTML documents that, when clicked, would render the targeted document and reflected script in the security context of the user and target location. The end result of this type of vulnerability is script encoded within the link executed in the context of the target document or target web site.
By default, the MHTML protocol handler is vulnerable on Windows XP and all later supported Windows versions. Internet Explorer is an attack vector, but because this is a Windows vulnerability, the version of IE is not relevant.
To fix this vulnerability, download following "Fixit" solution to enable the Network Protocol Lockdown for mhtml: for all security zones:
This article was posted by VG in following section: Internet Explorer, Troubleshooting, Windows 7, Windows Vista, Windows XP.
If you enjoyed this article, subscribe to our RSS feed or free newsletter to get all new articles directly in your Inbox. Also check out our popular articles and archive to read other interesting articles.
Reddy
Thanks.
Caesarivs
Thank you!
But what if I don't use IE but I'm on a W7 laptop? Do I need it?
Someone
Do you really need this?
heir
thanks VG