Back to search
CVE-2007-2225
Published: Jun 12, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MS07-034
vendor-advisory
x_refsource_MS
1018232
vdb-entry
x_refsource_SECTRACK
VU#682825
third-party-advisory
x_refsource_CERT-VN
SSRT071438
vendor-advisory
x_refsource_HP
24392
vdb-entry
x_refsource_BID
http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
x_refsource_MISC
20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler
mailing-list
x_refsource_BUGTRAQ
http://archive.openmya.devnull.jp/2007.06/msg00060.html
x_refsource_MISC
35345
vdb-entry
x_refsource_OSVDB
1018231
vdb-entry
x_refsource_SECTRACK
TA07-163A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:2045
vdb-entry
signature
x_refsource_OVAL
25639
third-party-advisory
x_refsource_SECUNIA
ADV-2007-2154
vdb-entry
x_refsource_VUPEN
HPSBST02231
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now