Internet Explorer .mht XML External Entity Vulnerability

medium Nessus Plugin ID 125154

Synopsis

The Internet Explorer installation on the remote host is affected by an XXE vulnerability.

Description

The Internet Explorer installation on the remote host is affected by an XML External Entity (XXE) vulnerability that could lead to information disclosure. An attacker would need to host a malicious file designed to exploit the vulnerability, then convince a user to download the file and open it in Internet Explorer.

Solution

No fix currently exists. Contact the vendor for more information.

See Also

http://www.nessus.org/u?d2b9f0b4

Plugin Details

Severity: Medium

ID: 125154

File Name: microsoft_internet_explorer_mht_xxe.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 5/15/2019

Updated: 5/15/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on an analysis of the vulnerability by Tenable.

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: Settings/ParanoidReport, SMB/Registry/Enumerated, SMB/IE/Version

Vulnerability Publication Date: 4/12/2019