Vulnerability Report

CVE-2011-0096

Title: Microsoft Windows 2003 Server Cross-Site Scripting (XSS)

XSS

Proof Of Concept

PoC Available for CVE-2011-0096

CWE Category CWE-79
Published Date Jan 31, 2011
Modified Date Jun 16, 2026
Exploit Status Available
Score 6.1 CVSS v3.1
Exploit Probability (EPSS)
46.82%

Vulnerability Summary

CVE-2011-0096: The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."

Impacted Vendors

Reference Links

http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx http://osvdb.org/70693 http://secunia.com/advisories/43093 http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html http://www.exploit-db.com/exploits/16071 http://www.kb.cert.org/vuls/id/326549 http://www.microsoft.com/technet/security/advisory/2501696.mspx http://www.securityfocus.com/bid/46055 http://www.securitytracker.com/id?1025003 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0242 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/65000 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6956 http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx http://osvdb.org/70693 http://secunia.com/advisories/43093 http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html http://www.exploit-db.com/exploits/16071 http://www.kb.cert.org/vuls/id/326549 http://www.microsoft.com/technet/security/advisory/2501696.mspx http://www.securityfocus.com/bid/46055 http://www.securitytracker.com/id?1025003 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0242 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/65000 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6956
CVSS v3.1
Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity MEDIUM
6.1
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
REQUIRED
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
CHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
4.3
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:N/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2011-0096 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/16071
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction REQUIRED
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Stack

No specific products linked.