Internet Explorer vulnerability allows "drive-by" browser attack
14 Mar 2011
A vulnerability in the way Internet Explorer parses MHTML content, a method for combining multiple file types and HTML content into a single file, is now being leveraged to target users as part of a "drive-by" browser attack.
The attack takes its name from the manner in which the browser is targeted. A malicious website is created first then a user is lured in. The user's browser is then forced to run Javascript code which can access information from a user's browser or worse lure him to use to install additional code that opens up his system to additional hacks.
"The end result of this type of vulnerability is script encoded within the link executed in the context of the target document or target web site," write Dave Ross and Chengyun Chu in Microsoft's Security Research & Defense blog.
The MHTML exploit was originally published on a website called WooYun. The issue was acknowledged by Microsoft in a January security advisory. According to a recent update to the advisory by Microsoft, which was later verified by Google, the exploit is now being put to use.
"We've noticed some highly targeted and apparently politically motivated attacks against our users," writes members of the Google Security Team in a blog post. "We believe activists may have been a specific target. We've also seen attacks against users of another popular social site."
Additional details regarding the exact kind of users the exploit has targeted have not been given, however Microsoft has relased a "Fix It" solution to address the issue, but a timeline for a full-fledged patch to the browser has not been given.
