MHTML: Web-Level Exploitation

Posted by John Onwuegbu | Wednesday, March 16, 2011 |

MHTML vulnerability disclosed in January 2011, a public security threat that affects Internet Explorer has now taken an apparently motivated attack against users of Social Networking sites and Google services. The report posted on Google online security blog indicates an active exploitation of the vulnerability in highly targeted attacks against its users browsing with Internet Explorer browser.

MHTML is a simple container format that combines several documents in a single file (MIME encapsulation), albeit not commonly used on the web, employed by Microsoft IE to save downloaded pages to disk, also embraced by a hand-full of third-party applications to deliver HTML-based documentations.

Google has recommended that concerned users should consider deploying Microsoft's temporary Fix it Script to block this attack, however, Google's security team have partnered with Microsoft to arrive at a permanent fix soon.

In addition, Google has employed several server-side defenses  to make the MHTML vulnerability more difficult to exploit.

This leveraging vulnerability is unique been a web-level exploit, as opposed to exploitations directly compromising users systems. And it represents a new level vulnerabilities to interact with web services, of which perfectly blocking the offending input patterns is highly unlikely, until the problem is addressed by the vendor through Windows Update.