topic Threat ID 33803 MHTML vulnerability in General Topics https://live.paloaltonetworks.com/t5/general-topics/threat-id-33803-mhtml-vulnerability/m-p/13955#M10236 <HTML><HEAD></HEAD><BODY><P>New to Palo Alto. Just got an alert for threat ID 33803, <A href="https://10.7.1.202/esp/monitor.esp#" onclick="" title="Threat Detail">Microsoft Windows MHTML Protocol Handle Cross Domain Scripting Vulnerability</A>. I looked at the packet capture, and all I see is a href specifying an mhtml URL. Is the PaloAlto signature just matching on the string mhtml in the http request packet? Does this mean I'll get an alert for every legitimate use of an mhtml URL? If so this is lame, PaloAlto should be looking at the mhtml file to see whether there is an attack present.</P></BODY></HTML> Thu, 10 Mar 2011 17:19:13 GMT cscott 2011-03-10T17:19:13Z Threat ID 33803 MHTML vulnerability https://live.paloaltonetworks.com/t5/general-topics/threat-id-33803-mhtml-vulnerability/m-p/13955#M10236 <HTML><HEAD></HEAD><BODY><P>New to Palo Alto. Just got an alert for threat ID 33803, <A href="https://10.7.1.202/esp/monitor.esp#" onclick="" title="Threat Detail">Microsoft Windows MHTML Protocol Handle Cross Domain Scripting Vulnerability</A>. I looked at the packet capture, and all I see is a href specifying an mhtml URL. Is the PaloAlto signature just matching on the string mhtml in the http request packet? Does this mean I'll get an alert for every legitimate use of an mhtml URL? If so this is lame, PaloAlto should be looking at the mhtml file to see whether there is an attack present.</P></BODY></HTML> Thu, 10 Mar 2011 17:19:13 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-id-33803-mhtml-vulnerability/m-p/13955#M10236 cscott 2011-03-10T17:19:13Z Re: Threat ID 33803 MHTML vulnerability https://live.paloaltonetworks.com/t5/general-topics/threat-id-33803-mhtml-vulnerability/m-p/13956#M10237 <HTML><HEAD></HEAD><BODY><P> Hi,</P><P></P><P>Please open a case with your support provider and provide the pcap for analysis.</P></BODY></HTML> Fri, 11 Mar 2011 17:44:59 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-id-33803-mhtml-vulnerability/m-p/13956#M10237 nrice 2011-03-11T17:44:59Z