CVE-2007-2225

Properties

Published: 11.06.2007
Updated: 30.12.2009
Patch available:
Severity: Medium
CVSS vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Product: microsoft: windows_mail

Vulnerability description

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

References:

CERT: http://www.us-cert.gov/cas/techalerts/TA07-163A.html
CERT-VN: http://www.kb.cert.org/vuls/id/682825
MS: http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx
HP: http://www.securityfocus.com/archive/1/archive/1/471947/100/0/threaded
SECTRACK: http://www.securitytracker.com/id?1018232
SECTRACK: http://www.securitytracker.com/id?1018231
BID: http://www.securityfocus.com/bid/24392
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/472002/100/0/threaded
VUPEN: http://www.frsirt.com/english/advisories/2007/2154
SECUNIA: http://secunia.com/advisories/25639
MISC: http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
MISC: http://archive.openmya.devnull.jp/2007.06/msg00060.html
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2045