Microsoft has issued a security advisory for a vulnerability in Internet Explorer that pertains to the way MHTML interprets MIME-formatted requests for content blocks within a document. It allows the injection of a script that could spoof content, disclose information or take other actions on behalf of the user. Not good. This affects all versions of Windows from XP to Windows 7 on the client side and Server 2003 to Server 2008 R2 on the server side, including both 32-bit and 64-bit editions, but IE restricted mode (which is the default on the server operating systems) mitigates the problem. The advisory contains several suggested actions, including locking down the MHTML protocol, setting Internet and Local Intranet security zone settings to “high” to block ActiveX and Active Scripting, and/or configuring IE to prompt before running Active Scripting.
Find out more about it here:
http://www.microsoft.com/technet/security/advisory/2501696.mspx
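
To check whether the Active Scripting mitigations mentioned above are in effect on a machine, the following PowerShell audit reads the Active Scripting URL action (registry value `1400`) for the Local intranet and Internet zones. It is an added example, not taken from the advisory, and it does not cover the MHTML protocol lockdown. It assumes the standard IE zone registry layout and checks policy keys before the per-user setting, which is a simplification of how IE resolves the effective value.

```powershell
# Added example: audit Active Scripting (URL action 1400) per IE security zone.
# Value meanings for action 1400: 0 = enabled, 1 = prompt, 3 = disabled.
$ZoneNames = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$StateNames = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Checked in this order; the first key that defines 1400 is reported.
# (Simplified precedence: machine policy, user policy, then user preference.)
$Roots = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ActiveScriptingSetting {
    param([int]$Zone)
    foreach ($root in $Roots) {
        $path = Join-Path $root "$Zone"
        $item = Get-ItemProperty -Path $path -Name '1400' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $path; Value = [int]$item.'1400' }
        }
    }
    return $null   # not configured in any of the keys checked
}

function Test-ScriptingMitigated {
    param($Value)
    # "High" disables Active Scripting (3); "prompt" (1) is the other option
    # the advisory lists. Anything else leaves scripts running silently.
    return ($Value -eq 1 -or $Value -eq 3)
}

foreach ($zone in ($ZoneNames.Keys | Sort-Object)) {
    $setting = Get-ActiveScriptingSetting -Zone $zone
    if ($null -eq $setting) {
        $state = 'Not configured'; $ok = $false; $source = ''
    } else {
        $state = $StateNames[$setting.Value]
        if (-not $state) { $state = "Unknown ($($setting.Value))" }
        $ok = Test-ScriptingMitigated $setting.Value
        $source = $setting.Source
    }
    [pscustomobject]@{
        Zone = $ZoneNames[$zone]; ActiveScripting = $state
        Mitigated = $ok; Source = $source
    }
}
```

A zone reported as `Enabled` or `Not configured` has neither of the two Active Scripting workarounds applied.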