//
you're reading...
IT, Security

Microsoft Security Advisory (2501696)

Microsoft Security Advisory service provides information on active issues in any Microsoft product currently in any of the support windows (sorry about the pun.)

MS-SA2501696[1] describes a publicly Reported vulnerability in how MS software handles certain data requests using MIME and is essentially an issue with all versions of MS Windows, rather than the browser, MS Internet Explorer but is only exposed through IE as far as I can tell from the announcement.

The issue can allow a “Client Side Script[2] attack that can disclose information, take action in a web page without use consent or Spoof the returned content.

No fix yet but if you disable scripting as described in the article then you effectively prevent this vulnerability being activated. ActiveX, VBScript and JavaScript scripting have had very bad press over the years anyway, such as XSS[3], but are still required for many websites to function correctly.

The CVE entry for this issue, CVE-2011-0096[4], has yet to be updated.


References
[1] MS Security Advisory 01/02/2011
[2] Wikipedia (Client Side Scripting) 01/02/2011
[3] TechTarget (XSS) 01/02/2011
[4] CVE (2011-0096) 01/02/2011

– Posted using BlogPress from my iPhone

Advertisements

About harlekwinblog

"Thoughts of an idle mind." Information Security professional.

Discussion

One thought on “Microsoft Security Advisory (2501696)

  1. CVE-2011-0096 has now been published as “candidate“.

    Posted by harlekwinblog | 2011/02/02, 1:29 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

RSS This Blog…

  • An error has occurred; the feed is probably down. Try again later.

Share me…

Bookmark and Share

Twitter Updates

February 2011
S M T W T F S
« Jan   Mar »
 12345
6789101112
13141516171819
20212223242526
2728  
%d bloggers like this: