Microsoft Security Advisory: Vulnerability in MHTML could allow information disclosure
Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability.
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB2501696.