[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 351
  • Last Modified:

MHTML://html before all URLs in Internet Explorer

Has anyone seen a problem where Internet Explorer puts MHTML before all HTTP:// in the address bar in Internet Explorer? Have tried looking in the standard prefix values in the registry, but it all looks normal.  Does anyone have any ideas?

Thanks,
Daniel Murfitt
0
DClayden
Asked:
DClayden
1 Solution
 
humeniukCommented:
MHTML (Multipurpose Internet Mail Extension HTML) is a file format that IE uses to save web pages as a "web archive" (in IE, click file->save as->select to save as 'web archive' .mht extension) with all the elements (ie. images) embedded (more info at http://support.microsoft.com/default.aspx?scid=kb;en-us;221787).  It's handy if you want to send the page to someone (instead of a link), etc.  Having Outlook Express installed is a requirement for using MHTML.

However, this feature creates a vulnerability:
"MHTML URL Processing Vulnerability - CAN-2004-0380:
A remote code execution vulnerability exists in the processing of specially crafted MHTML URLs that could allow an attacker’s HTML code to run in the Local Machine security zone in Internet Explorer. This could allow an attacker to take complete control of an affected system."
(source: www.microsoft.com/technet/security/bulletin/MS04-013.mspx)

I don't know if this behavior is a manifestation of a breach of this vulnerability or not, but it is what your question made me think of and given that it is potentially a severe problem, I thought I should mention it.  The 'source' link above has links to download a Outlook Express patch that will fix this vulnerability.  If you don't have it installed already, you should probably install it right away.
0
 
DClaydenAuthor Commented:
It's happening in Internet Explorer though. Everytime you visit a page, it adds the MHTML bit before the URL. Where should I look to disable this?

Thanks,
Daniel Murfitt
0
 
LucFCommented:
Hello DClayden,

Most likely you have some faulty default prefixes. Here's a reg file to restore them:
http://mvps.org/winhelp2002/RepairDefaultPrefix.reg

But... those changed prefixes are normally caused by Ad/Spyware, so I suggest you to take a look here: http:Q_20975384.html and run at least a full systemscan with Ad-aware SE and Spybot S&D and to remove everything they find.

Greetings,

LucF
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
humeniukCommented:
<< It's happening in Internet Explorer though. >>
Yes, it's an Outlook Express vulnerability, but as above, it "could allow an attacker’s HTML code to run in the Local Machine security zone in Internet Explorer" ie. the kind of Spyware LucF is talking about.
0
 
DClaydenAuthor Commented:
I have installed XP service pack 2, and this seemes to have solved the issue. How can I close this post down?

Thanks,
Daniel Murfitt
0
 
humeniukCommented:
Your options for closing the questions: www.experts-exchange.com/help.jsp#hs5.
0
 
moduloCommented:
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now