CVE-2007-2225

medium

Description

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034

http://www.vupen.com/english/advisories/2007/2154

http://www.us-cert.gov/cas/techalerts/TA07-163A.html

http://www.securitytracker.com/id?1018232

http://www.securitytracker.com/id?1018231

http://www.securityfocus.com/bid/24392

http://www.securityfocus.com/archive/1/472002/100/0/threaded

http://www.securityfocus.com/archive/1/471947/100/0/threaded

http://www.kb.cert.org/vuls/id/682825

http://secunia.com/advisories/25639

http://osvdb.org/35345

http://openmya.hacker.jp/hasegawa/security/ms07-034.txt

http://archive.openmya.devnull.jp/2007.06/msg00060.html

Details

Source: Mitre, NVD

Published: 2007-06-12

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: Medium