Security 10748 Published by

PC World posted a news story of a new zero-day Windows XSS vulnerability



Microsoft released security advisory 2501696, titled "Vulnerability in MHTML Could Allow Information Disclosure" today. The advisory addresses a flaw in the MHTML protocol handler which opens all versions of Windows to potential cross-site scripting (XSS) attacks.

The Microsoft Security Response Center (MSRC) blog explains how an attack might work in more detail once a user receives a malicious link targeting this vulnerability. "When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session. Such a script might collect user information (eg., e-mail), spoof content displayed in the browser, or otherwise interfere with the user's experience."
  Windows Vulnerable to Zero-Day XSS Attacks