Back to search
CVE-2007-2227
Published: Jun 12, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MS07-034
vendor-advisory
x_refsource_MS
SSRT071438
vendor-advisory
x_refsource_HP
http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
x_refsource_MISC
20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler
mailing-list
x_refsource_BUGTRAQ
1018233
vdb-entry
x_refsource_SECTRACK
1018234
vdb-entry
x_refsource_SECTRACK
http://archive.openmya.devnull.jp/2007.06/msg00060.html
x_refsource_MISC
24410
vdb-entry
x_refsource_BID
TA07-163A
third-party-advisory
x_refsource_CERT
25639
third-party-advisory
x_refsource_SECUNIA
35346
vdb-entry
x_refsource_OSVDB
ADV-2007-2154
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:2085
vdb-entry
signature
x_refsource_OVAL
HPSBST02231
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now