CVE-2007-2225

Sažetak

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

Reference

http://archive.openmya.devnull.jp/2007.06/msg00060.html
http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
http://osvdb.org/35345
http://secunia.com/advisories/25639
http://www.kb.cert.org/vuls/id/682825
http://www.securityfocus.com/archive/1/471947/100/0/threaded
http://www.securityfocus.com/archive/1/472002/100/0/threaded
http://www.securityfocus.com/bid/24392
http://www.securitytracker.com/id?1018231
http://www.securitytracker.com/id?1018232
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
http://www.vupen.com/english/advisories/2007/2154
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

16-10-2018 - 16:42

Objavljeno

12-06-2007 - 20:30