CVE-2011-0096

MEDIUM EXPLOITED

Microsoft Windows - Cross-Site Scripting via MHTML Protocol Handler

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2011-0096 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including 80vul.

AI-analyzed exploit summary This is a detailed technical writeup discussing multiple attack vectors leveraging the MHTML protocol handler vulnerability (CVE-2011-0096). It includes proof-of-concept examples for XSS, bypassing X-Frame-Options, and local file theft via Adobe Reader and Microsoft Word.

Description

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED
by 80vul · textlocalwindows
https://www.exploit-db.com/exploits/16071

This is a detailed technical writeup discussing multiple attack vectors leveraging the MHTML protocol handler vulnerability (CVE-2011-0096). It includes proof-of-concept examples for XSS, bypassing X-Frame-Options, and local file theft via Adobe Reader and Microsoft Word.

Classification
Writeup 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows (IE, MHTML protocol handler)
No auth needed
Prerequisites: Victim interaction (e.g., opening a malicious file or visiting a crafted URL) · Specific software configurations (e.g., Adobe Reader 9, Microsoft Word 2003/2007)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (15)

Core 15
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16071
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/326549
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46055
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025003
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6956
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70693
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43093
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65000
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0242

Scores

CVSS v3 6.1
EPSS 0.4682
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2011-04-12
CWE
CWE-79
Status published
Products (7)
microsoft/windows_2003_server (2 CPE variants)
microsoft/windows_7
microsoft/windows_server_2003
microsoft/windows_server_2008 (6 CPE variants)
microsoft/windows_server_2008 r2 (2 CPE variants)
microsoft/windows_vista (2 CPE variants)
microsoft/windows_xp (2 CPE variants)
Published Jan 31, 2011
Tracked Since Feb 18, 2026