What is CVE-2011-0096?

CVE-2011-0096 is a medium-severity vulnerability in Microsoft Windows_2003_server, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2011-01-31.

How severe is CVE-2011-0096?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Microsoft Windows_2003_server

CVE-2011-0096

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a reque…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.701 (98.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Microsoft Windows_2003_server
Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

VU#326549 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
secure@microsoft.com (Exploit, x_refsource_MISC)
TA11-102A (US Government Resource, x_refsource_CERT, third-party-advisory)
46055 (vdb-entry, x_refsource_BID)
MS11-026 (x_refsource_MS, vendor-advisory)
secure@microsoft.com (x_refsource_CONFIRM)
1025003 (vdb-entry, x_refsource_SECTRACK)
oval:org.mitre.oval:def:6956 (x_refsource_OVAL, signature, vdb-entry)
secure@microsoft.com (x_refsource_CONFIRM, Vendor Advisory)
secure@microsoft.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2011-0096?: CVE-2011-0096 is a medium-severity vulnerability in Microsoft Windows_2003_server, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2011-01-31.
How severe is CVE-2011-0096?: Medium severity. CVSS v3 base score is 6.1 out of 10.