[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2225Date: (C)2007-06-12   (M)2023-12-22


A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1018231
SECTRACK-1018232
http://www.securityfocus.com/archive/1/472002/100/0/threaded
BID-24392
SECUNIA-25639
OSVDB-35345
ADV-2007-2154
MS07-034
SSRT071438
TA07-163A
VU#682825
http://archive.openmya.devnull.jp/2007.06/msg00060.html
http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
oval:org.mitre.oval:def:2045

CPE    5
cpe:/o:microsoft:windows_vista::gold
cpe:/a:microsoft:windows_mail
cpe:/o:microsoft:windows_xp::sp2
cpe:/o:microsoft:windows_2003_server::sp2:x64
...
OVAL    1
oval:org.mitre.oval:def:2045

© SecPod Technologies