CVE-2007-2227 - The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not

CVE-2007-2227

Summary

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 16-10-2018 - 16:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

oval via4

accepted

2012-09-10T04:00:47.213-04:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Chandan S
organization SecPod Technologies

definition_extensions

comment Microsoft Windows XP SP2 or later is installed
oval oval:org.mitre.oval:def:521
comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
oval oval:org.mitre.oval:def:208
comment Microsoft Windows Server 2003 SP1 (x86) is installed
oval oval:org.mitre.oval:def:565
comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
oval oval:org.mitre.oval:def:208
comment Microsoft Windows Server 2003 SP1 (x86) is installed
oval oval:org.mitre.oval:def:565
comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
oval oval:org.mitre.oval:def:208
comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
oval oval:org.mitre.oval:def:208
comment Microsoft Windows XP x64 Edition SP2 is installed
oval oval:org.mitre.oval:def:4193
comment Microsoft Windows XP SP1 (64-bit) is installed
oval oval:org.mitre.oval:def:480
comment Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
oval oval:org.mitre.oval:def:208

description

family

windows

oval:org.mitre.oval:def:2085

status

accepted

submitted

2007-06-13T08:22:59.000-04:00

title

Content Disposition Parsing Cross Domain Information Disclosure Vulnerability

version

refmap via4

bid	24410
bugtraq	20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler
cert	TA07-163A
hp	HPSBST02231 SSRT071438
misc	http://archive.openmya.devnull.jp/2007.06/msg00060.html http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
osvdb	35346
sectrack	1018233 1018234
secunia	25639
vupen	ADV-2007-2154

Last major update

16-10-2018 - 16:42

Published

12-06-2007 - 21:30

Last modified

16-10-2018 - 16:42