Zscaler Security Advisories

Security Advisory - January 28, 2011

Zscaler Provides Protection for 0day Vulnerability in Microsoft Internet Explorer MHTML Protocol Handler

Microsoft today informed Zscaler Labs, via the MAPPs program, of an unpatched 0day vulnerability in Internet Explorer that allows an attacker to inject client side script into a web server response. The vulnerability exists within the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler for all current versions of Internet Explorer. Successful exploitation would be similar to that of a cross-site scripting (XSS) attack and could result in an attacker spoofing content, hijacking session credentials, disclosing information, etc. Publicly available exploit code exists for this attack but targeted attacks have not yet been seen in the wild.

While Microsoft has issued a security advisory for this vulnerability and recommended workarounds, a patch is not presently available, and it is not known when one will be issued. In the meantime, Zscaler has deployed protections for this vulnerability, ensuring that Zscaler customers are shielded from attack without the need to take further action. We will continue to monitor the issue and provide additional protections as warranted. A preliminary analysis of Zscaler logs has not revealed any attacks on Zscaler customers to this point.

2501696 – Microsoft Security Advisory: Vulnerability in Internet Explorer Could Allow Remote Code Execution

CVE: CVE-2011-0096

Affected Software

  • Windows 7
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008