
Microsoft Security Advisory (2501696)

The Microsoft Security Advisory service provides information on active issues in any Microsoft product currently in any of the support windows (sorry about the pun).

MS-SA2501696[1] describes a publicly reported vulnerability in how MS software handles certain data requests using MIME. It is essentially an issue with all versions of MS Windows rather than with the browser, MS Internet Explorer, but is only exposed through IE as far as I can tell from the announcement.

The issue can allow a “Client Side Script”[2] attack that can disclose information, take action in a web page without user consent or spoof the returned content.

No fix is available yet, but if you disable scripting as described in the article you effectively prevent this vulnerability from being activated. ActiveX, VBScript and JavaScript scripting have had very bad press over the years anyway, for issues such as XSS[3], but are still required for many websites to function correctly.

The CVE entry for this issue, CVE-2011-0096[4], has yet to be updated.


References
[1] MS Security Advisory 01/02/2011
[2] Wikipedia (Client Side Scripting) 01/02/2011
[3] TechTarget (XSS) 01/02/2011
[4] CVE (2011-0096) 01/02/2011


About harlekwinblog

"Thoughts of an idle mind." Information Security professional.

Discussion

One thought on “Microsoft Security Advisory (2501696)”

  1. CVE-2011-0096 has now been published as “candidate”.

    Posted by harlekwinblog | 2011/02/02, 1:29 pm
