 Microsoft informs Zscaler Labs, via the MAPPs program, of an unpatched 0day vulnerability in Internet Explorer that allows an attacker to inject client side script into a web server response. All SecureSCREEN clients protected
The vulnerability exists within the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler for all current versions of Internet Explorer. Successful exploitation would be similar to that of a cross-site scripting (XSS) attack and could result in an attacker spoofing content, hijacking session credentials, disclosing information, etc. Publicly available exploit code exists for this attack but targeted attacks have not yet been seen in the wild.
While Microsoft has issued a security advisory for this vulnerability and recommended workarounds, a patch is not presently available, and it is not known when one will be issued. In the meantime, Zscaler has deployed protections for this vulnerability, ensuring that all Seccom Global SecureSCREEN customers are shielded from attack without the need to take further action. Â
Affected Software
- Windows 7
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
For more information on our SecureSCREEN service, please click here
Â