Search criteria
135 vulnerabilities found for outlook_express by microsoft
FKIE_CVE-2010-3147
Vulnerability from fkie_nvd - Published: 2010-08-27 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.00.2900.5512:*:*:*:*:*:*:*",
"matchCriteriaId": "61EBD5A3-9FEC-4DC4-AF2D-B37E888C4FDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*",
"matchCriteriaId": "B2B19826-5516-4899-9599-F95D0A03FBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*",
"matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka \"Insecure Library Loading Vulnerability.\" NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143."
},
{
"lang": "es",
"value": "La vulnerabilidad de ruta de b\u00fasqueda no confiable en WAB.exe versi\u00f3n 6.00.2900.5512 en la Libreta de Direcciones de Windows en Microsoft Windows XP versiones SP2 y SP3, Windows Server 2003 SP2, Windows Vista versiones SP1 y SP2, Windows Server 2008 versiones Gold, SP2 y R2, y Windows 7 permite a los usuarios locales alcanzar privilegios por medio de un archivo wab32res.dll de tipo caballo de Troya en el directorio de trabajo actual, como es demostrado por un directorio que contiene una libreta de direcciones de Windows (WAB), VCF (vCard), o archivo P7C, tambi\u00e9n se conoce como \"Insecure Library Loading Vulnerability\" Nota: el c\u00f3digo base de este producto puede superponerse al c\u00f3digo base del producto al que se hace referencia en CVE-2010-3143."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2010-3147",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-27T19:00:18.643",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41050"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14745/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024878"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14745/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0816
Vulnerability from fkie_nvd - Published: 2010-05-12 11:46 - Updated: 2025-04-11 00:51
Severity ?
Summary
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "589E5F7F-5429-4050-8C0D-F7F8D18DEB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D45F2775-A10B-4834-A2EF-7498EEAB155D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA329BDD-D4D1-4E5A-9C72-6EF8EE1672DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA329BDD-D4D1-4E5A-9C72-6EF8EE1672DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA329BDD-D4D1-4E5A-9C72-6EF8EE1672DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD015F-267D-4E33-885B-6A14F493CCC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
"matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
"matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*",
"matchCriteriaId": "DBE4A4EA-A0DE-4FDE-B9EC-D8729E17A1F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:x64:*:*:*:*:*",
"matchCriteriaId": "E8000F58-DF1C-464C-A14B-783CDC00E781",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:gold:itanium:*:*:*:*:*",
"matchCriteriaId": "5AEA67EA-C788-4CF2-9246-01475302238E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
"matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_live_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA329BDD-D4D1-4E5A-9C72-6EF8EE1672DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD015F-267D-4E33-885B-6A14F493CCC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
"matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
"matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka \"Outlook Express and Windows Mail Integer Overflow Vulnerability.\""
},
{
"lang": "es",
"value": "Un desbordamiento de entero en inetcomm.dll en Microsoft Outlook Express v5.5 Service Pack 2, v6 y v6 SP1, Windows Live Mail en Windows XP SP2 y SP3, Windows Vista SP1 y SP2, Windows Server 2008 Gold, Service Pack 2, y R2 y Windows 7, y Windows Mail en Windows Vista SP1 y SP2, Windows Server 2008 Gold, Service Pack 2, y R2 y Windows 7 permite ejecutar, a los servidores de correo electr\u00f3nico remoto y los atacantes \"man-in-the-middle\", c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una respuesta (1) POP3 o ( 2) IMAP debidamente modificada, como lo demuestra una respuesta + OK en el puerto TCP 110. Esta vulnerabilidad tambi\u00e9n es conocida como \"Vulnerabilidad de desbordamiento de Entero de Outlook Express y Windows Mail.\""
}
],
"id": "CVE-2010-0816",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-12T11:46:51.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40052"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-5424
Vulnerability from fkie_nvd - Published: 2008-12-11 15:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | outlook_express | 6.00.2900.5512 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.00.2900.5512:*:*:*:*:*:*:*",
"matchCriteriaId": "61EBD5A3-9FEC-4DC4-AF2D-B37E888C4FDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173."
},
{
"lang": "es",
"value": "La funci\u00f3n MimeOleClearDirtyTree en InetComm.dll en Microsoft Outlook Express v6.00.2900.5512 no gestiona apropiadamente (1) mensajes de correo multipart/mixed con muchas partes MIME y posiblemente (2) mensajes de correo electr\u00f3nico con muchas cabeceras \"Content-type: message/rfc822;\", lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de pila o consumo de otros recursos) mediante un correo electr\u00f3nico de gran tama\u00f1o, un problema relacionado a CVE-2006-1173."
}
],
"id": "CVE-2008-5424",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-11T15:30:00.503",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4721"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32702"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1448
Vulnerability from fkie_nvd - Published: 2008-08-13 00:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | outlook_express | 5.5 | |
| microsoft | outlook_express | 6.0 | |
| microsoft | outlook_express | 6.0 | |
| microsoft | windows_mail | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "589E5F7F-5429-4050-8C0D-F7F8D18DEB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D45F2775-A10B-4834-A2EF-7498EEAB155D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD015F-267D-4E33-885B-6A14F493CCC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka \"URL Parsing Cross-Domain Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "El manejador de protocolo MHTML en un componente de Outlook Express versiones 5.5 SP2 y 6 hasta SP1 y Windows Mail de Microsoft no asigna la zona de seguridad de Internet Explorer correcta a los nombres de ruta (path) de recurso compartido UNC, lo que permite a los atacantes remotos omitir las restricciones de acceso previstas y leer archivos arbitrarios por medio de un URI mhtml: en conjunto con un redireccionamiento, tambi\u00e9n se conoce como \"URL Parsing Cross-Domain Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2008-1448",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-08-13T00:41:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31415"
},
{
"source": "secure@microsoft.com",
"url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30585"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020679"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1020680"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2352"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/30585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3897
Vulnerability from fkie_nvd - Published: 2007-10-09 22:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | outlook_express | * | |
| microsoft | outlook_express | 6.0 | |
| microsoft | windows_mail | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A15125-6A2E-4818-9FF5-BA44A5C55E54",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D45F2775-A10B-4834-A2EF-7498EEAB155D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_mail:-:*:*:*:*:vista:*:*",
"matchCriteriaId": "3756D077-E4E7-4DF2-9342-17B80671C2E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en Microsoft Outlook Express versi\u00f3n 6 y anteriores, y Windows Mail para Vista, permite que los servidores remotos de Network News Transfer Protocol (NNTP) ejecuten c\u00f3digo arbitrario por medio de las respuestas NNTP largas que desencadenan una corrupci\u00f3n de la memoria."
}
],
"id": "CVE-2007-3897",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-09T22:17:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27112"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1018785"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1018786"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25908"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"source": "secure@microsoft.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3436"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1018785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1018786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4040
Vulnerability from fkie_nvd - Published: 2007-07-27 22:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | outlook | * | |
| microsoft | outlook_express | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91EB05F7-D88A-40AA-A8CB-F76C449878AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD2BCA5-9DA0-472C-B0DF-A4A8BC54B4DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de argumento involucrando a Microsoft Outlook y Outlook Express, cuando determinados URIS se han registrado, permite a atacantes remotos conducir ataques de salto de navegador y ejecutar comandos de su elecci\u00f3n mediante metacaracteres de consola de comandos en un URI no especificado, que son insertados en una l\u00ednea de comando al invocar al proceso gestor, asunto similar a CVE-2007-3670."
}
],
"id": "CVE-2007-4040",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2007-07-27T22:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2007-2227
Vulnerability from fkie_nvd - Published: 2007-06-12 21:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | outlook_express | 6.0 | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_mail | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
"matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
"matchCriteriaId": "E0BBA081-24D5-4990-882F-69CB05CC28CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
"matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD015F-267D-4E33-885B-6A14F493CCC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "El manejador de protocolo MHTML en Microsoft Outlook Express 6 y Windows Mail en Windows Vista no maneja adecuadamente \"notificaciones\" de disposici\u00f3n de contenido (Content-Disposition), lo cual permite a atacantes remotos obtener informaci\u00f3n sensible de otros dominios de Internet Explorer, tambi\u00e9n conocida como \"Vulnerabilidad de Revelaci\u00f3n de Informaci\u00f3n de Dominios Cruzados en An\u00e1lisis de Disposici\u00f3n de Contenido\" (Content Disposition Parsing Cross Domain Information Disclosure Vulnerability)."
}
],
"id": "CVE-2007-2227",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-06-12T21:30:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"source": "secure@microsoft.com",
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/35346"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/25639"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/24410"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1018233"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1018234"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2225
Vulnerability from fkie_nvd - Published: 2007-06-12 20:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | * | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_2003_server | sp2 | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | windows_xp | * | |
| microsoft | outlook_express | 6.0 | |
| microsoft | windows_vista | * | |
| microsoft | windows_vista | * | |
| microsoft | windows_mail | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
"matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
"matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
"matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
"matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
"matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
"matchCriteriaId": "E0BBA081-24D5-4990-882F-69CB05CC28CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
"matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
"matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD015F-267D-4E33-885B-6A14F493CCC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
},
{
"lang": "es",
"value": "Un componente en Microsoft Outlook Express 6 y windows Mail en Windows Vista no maneja adecuadamente determinadas cabeceras HTTP cuado procesa URLs del protocolo MHTML, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible de ostros dominios de Internet Explorer, tambi\u00e9n conocida como \"Vulnerabilidad de revelaci\u00f3n de informaci\u00f3n de dominios cruzados en el an\u00e1lisis URL\" (URL Parsing Cross Domain Information Disclosure Vulnerability)."
}
],
"id": "CVE-2007-2225",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-06-12T20:30:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"source": "secure@microsoft.com",
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"source": "secure@microsoft.com",
"url": "http://osvdb.org/35345"
},
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/25639"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/682825"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/24392"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1018231"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1018232"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/682825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2386
Vulnerability from fkie_nvd - Published: 2006-12-13 01:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | outlook_express | 5.5 | |
| microsoft | outlook_express | 6.0 | |
| microsoft | outlook_express | 6.0 | |
| microsoft | outlook_express | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "589E5F7F-5429-4050-8C0D-F7F8D18DEB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D45F2775-A10B-4834-A2EF-7498EEAB155D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AC7E8B2E-373E-4F6A-86A0-2456F19ACE37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en el Microsoft Outlook Express 6 y versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un registro de contactos modificado en el fichero Windows Address Book (WAB)."
}
],
"evaluatorSolution": "If a end user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.",
"id": "CVE-2006-2386",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-12-13T01:28:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/23311"
},
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1017369"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/21501"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2006/4969"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-076"
},
{
"source": "secure@microsoft.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29227"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1055"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-3147 (GCVE-0-2010-3147)
Vulnerability from cvelistv5 – Published: 2010-08-27 18:10 – Updated: 2024-08-07 02:55
VLAI?
Summary
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA10-348A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "14745",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14745/"
},
{
"name": "41050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41050"
},
{
"name": "MS10-096",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096"
},
{
"name": "1024878",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024878"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"name": "oval:org.mitre.oval:def:12352",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka \"Insecure Library Loading Vulnerability.\" NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TA10-348A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "14745",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14745/"
},
{
"name": "41050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41050"
},
{
"name": "MS10-096",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096"
},
{
"name": "1024878",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024878"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"name": "oval:org.mitre.oval:def:12352",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka \"Insecure Library Loading Vulnerability.\" NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "14745",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14745/"
},
{
"name": "41050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41050"
},
{
"name": "MS10-096",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096"
},
{
"name": "1024878",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024878"
},
{
"name": "http://www.attackvector.org/new-dll-hijacking-exploits-many/",
"refsource": "MISC",
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"name": "oval:org.mitre.oval:def:12352",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3147",
"datePublished": "2010-08-27T18:10:00",
"dateReserved": "2010-08-27T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0816 (GCVE-0-2010-0816)
Vulnerability from cvelistv5 – Published: 2010-05-12 01:00 – Updated: 2024-08-07 00:59
VLAI?
Summary
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:39.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
},
{
"name": "MS10-030",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
},
{
"name": "TA10-131A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
},
{
"name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
},
{
"name": "oval:org.mitre.oval:def:6734",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
},
{
"name": "40052",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka \"Outlook Express and Windows Mail Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
},
{
"name": "MS10-030",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
},
{
"name": "TA10-131A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
},
{
"name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
},
{
"name": "oval:org.mitre.oval:def:6734",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
},
{
"name": "40052",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka \"Outlook Express and Windows Mail Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
},
{
"name": "MS10-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
},
{
"name": "TA10-131A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
},
{
"name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
},
{
"name": "oval:org.mitre.oval:def:6734",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
},
{
"name": "40052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0816",
"datePublished": "2010-05-12T01:00:00",
"dateReserved": "2010-03-02T00:00:00",
"dateUpdated": "2024-08-07T00:59:39.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5424 (GCVE-0-2008-5424)
Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
VLAI?
Summary
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:45.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"name": "4721",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4721"
},
{
"name": "32702",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32702"
},
{
"name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"name": "4721",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4721"
},
{
"name": "32702",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32702"
},
{
"name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro",
"refsource": "MISC",
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"name": "4721",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4721"
},
{
"name": "32702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32702"
},
{
"name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5424",
"datePublished": "2008-12-11T15:00:00",
"dateReserved": "2008-12-11T00:00:00",
"dateUpdated": "2024-08-07T10:56:45.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1448 (GCVE-0-2008-1448)
Vulnerability from cvelistv5 – Published: 2008-08-13 00:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020679"
},
{
"name": "30585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30585"
},
{
"name": "TA08-225A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
},
{
"name": "MS08-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
},
{
"name": "1020680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020680"
},
{
"name": "HPSBST02360",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "SSRT080117",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
},
{
"name": "31415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31415"
},
{
"name": "ADV-2008-2352",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2352"
},
{
"name": "oval:org.mitre.oval:def:5886",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka \"URL Parsing Cross-Domain Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020679"
},
{
"name": "30585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30585"
},
{
"name": "TA08-225A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
},
{
"name": "MS08-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
},
{
"name": "1020680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020680"
},
{
"name": "HPSBST02360",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "SSRT080117",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
},
{
"name": "31415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31415"
},
{
"name": "ADV-2008-2352",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2352"
},
{
"name": "oval:org.mitre.oval:def:5886",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka \"URL Parsing Cross-Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020679",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020679"
},
{
"name": "30585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30585"
},
{
"name": "TA08-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name": "http://www.coresecurity.com/content/internet-explorer-zone-elevation",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
},
{
"name": "MS08-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
},
{
"name": "1020680",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020680"
},
{
"name": "HPSBST02360",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
},
{
"name": "31415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31415"
},
{
"name": "ADV-2008-2352",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2352"
},
{
"name": "oval:org.mitre.oval:def:5886",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1448",
"datePublished": "2008-08-13T00:00:00",
"dateReserved": "2008-03-21T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1378 (GCVE-0-2003-1378)
Vulnerability from cvelistv5 – Published: 2007-10-19 10:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030223 O UT LO OK E XPRE SS 6 .00 : broken",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/312910"
},
{
"name": "outlook-codebase-execute-programs(11411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411"
},
{
"name": "6923",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6923"
},
{
"name": "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/312929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030223 O UT LO OK E XPRE SS 6 .00 : broken",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/312910"
},
{
"name": "outlook-codebase-execute-programs(11411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411"
},
{
"name": "6923",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6923"
},
{
"name": "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/312929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030223 O UT LO OK E XPRE SS 6 .00 : broken",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/312910"
},
{
"name": "outlook-codebase-execute-programs(11411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411"
},
{
"name": "6923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6923"
},
{
"name": "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/312929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1378",
"datePublished": "2007-10-19T10:00:00",
"dateReserved": "2007-10-18T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3897 (GCVE-0-2007-3897)
Vulnerability from cvelistv5 – Published: 2007-10-09 22:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018785"
},
{
"name": "HPSBST02280",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "SSRT071480",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
},
{
"name": "MS07-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"name": "ADV-2007-3436",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3436"
},
{
"name": "1018786",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018786"
},
{
"name": "25908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25908"
},
{
"name": "TA07-282A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"name": "27112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1018785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018785"
},
{
"name": "HPSBST02280",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "SSRT071480",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
},
{
"name": "MS07-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"name": "ADV-2007-3436",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3436"
},
{
"name": "1018786",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018786"
},
{
"name": "25908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25908"
},
{
"name": "TA07-282A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"name": "27112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-3897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018785"
},
{
"name": "HPSBST02280",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "SSRT071480",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1706",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
},
{
"name": "MS07-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"name": "ADV-2007-3436",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3436"
},
{
"name": "1018786",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018786"
},
{
"name": "25908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25908"
},
{
"name": "TA07-282A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"name": "27112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-3897",
"datePublished": "2007-10-09T22:00:00",
"dateReserved": "2007-07-19T00:00:00",
"dateUpdated": "2024-08-07T14:37:05.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2694 (GCVE-0-2004-2694)
Vulnerability from cvelistv5 – Published: 2007-10-06 20:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040513 POA: Outlook Expresss 6.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108448627120764\u0026w=2"
},
{
"name": "11607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11607"
},
{
"name": "6121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a \"BASE HREF\" with the target set to \"_top\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040513 POA: Outlook Expresss 6.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108448627120764\u0026w=2"
},
{
"name": "11607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11607"
},
{
"name": "6121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6121"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a \"BASE HREF\" with the target set to \"_top\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040513 POA: Outlook Expresss 6.00",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108448627120764\u0026w=2"
},
{
"name": "11607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11607"
},
{
"name": "6121",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6121"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2694",
"datePublished": "2007-10-06T20:00:00",
"dateReserved": "2007-10-06T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4040 (GCVE-0-2007-4040)
Vulnerability from cvelistv5 – Published: 2007-07-27 22:00 – Updated: 2025-04-03 14:27
VLAI?
Summary
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-4040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:26:07.732559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:27:23.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
"refsource": "MISC",
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4040",
"datePublished": "2007-07-27T22:00:00.000Z",
"dateReserved": "2007-07-27T00:00:00.000Z",
"dateUpdated": "2025-04-03T14:27:23.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2227 (GCVE-0-2007-2227)
Vulnerability from cvelistv5 – Published: 2007-06-12 21:00 – Updated: 2024-08-07 13:23
VLAI?
Summary
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS07-034",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"name": "1018233",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018233"
},
{
"name": "1018234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018234"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "24410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24410"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "25639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25639"
},
{
"name": "35346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35346"
},
{
"name": "ADV-2007-2154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "oval:org.mitre.oval:def:2085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS07-034",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"name": "1018233",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018233"
},
{
"name": "1018234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018234"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "24410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24410"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "25639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25639"
},
{
"name": "35346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35346"
},
{
"name": "ADV-2007-2154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "oval:org.mitre.oval:def:2085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-2227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS07-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "SSRT071438",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
"refsource": "MISC",
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"name": "1018233",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018233"
},
{
"name": "1018234",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018234"
},
{
"name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
"refsource": "MISC",
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "24410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24410"
},
{
"name": "TA07-163A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "25639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25639"
},
{
"name": "35346",
"refsource": "OSVDB",
"url": "http://osvdb.org/35346"
},
{
"name": "ADV-2007-2154",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "oval:org.mitre.oval:def:2085",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
},
{
"name": "HPSBST02231",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-2227",
"datePublished": "2007-06-12T21:00:00",
"dateReserved": "2007-04-24T00:00:00",
"dateUpdated": "2024-08-07T13:23:51.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2225 (GCVE-0-2007-2225)
Vulnerability from cvelistv5 – Published: 2007-06-12 20:00 – Updated: 2024-08-07 13:23
VLAI?
Summary
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS07-034",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "1018232",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018232"
},
{
"name": "VU#682825",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/682825"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "24392",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "35345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35345"
},
{
"name": "1018231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018231"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "oval:org.mitre.oval:def:2045",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
},
{
"name": "25639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25639"
},
{
"name": "ADV-2007-2154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS07-034",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "1018232",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018232"
},
{
"name": "VU#682825",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/682825"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "24392",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "35345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35345"
},
{
"name": "1018231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018231"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "oval:org.mitre.oval:def:2045",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
},
{
"name": "25639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25639"
},
{
"name": "ADV-2007-2154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-2225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS07-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "1018232",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018232"
},
{
"name": "VU#682825",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/682825"
},
{
"name": "SSRT071438",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "24392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24392"
},
{
"name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
"refsource": "MISC",
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
"refsource": "MISC",
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "35345",
"refsource": "OSVDB",
"url": "http://osvdb.org/35345"
},
{
"name": "1018231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018231"
},
{
"name": "TA07-163A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "oval:org.mitre.oval:def:2045",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
},
{
"name": "25639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25639"
},
{
"name": "ADV-2007-2154",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "HPSBST02231",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-2225",
"datePublished": "2007-06-12T20:00:00",
"dateReserved": "2007-04-24T00:00:00",
"dateUpdated": "2024-08-07T13:23:51.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2386 (GCVE-0-2006-2386)
Vulnerability from cvelistv5 – Published: 2006-12-13 01:00 – Updated: 2024-08-07 17:51
VLAI?
Summary
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:03.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23311"
},
{
"name": "21501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21501"
},
{
"name": "oval:org.mitre.oval:def:1055",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1055"
},
{
"name": "TA06-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "MS06-076",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-076"
},
{
"name": "SSRT061288",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "1017369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017369"
},
{
"name": "ADV-2006-4969",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4969"
},
{
"name": "oe-wab-bo(29227)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "23311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23311"
},
{
"name": "21501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21501"
},
{
"name": "oval:org.mitre.oval:def:1055",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1055"
},
{
"name": "TA06-346A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "MS06-076",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-076"
},
{
"name": "SSRT061288",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "1017369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017369"
},
{
"name": "ADV-2006-4969",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4969"
},
{
"name": "oe-wab-bo(29227)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-2386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23311"
},
{
"name": "21501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21501"
},
{
"name": "oval:org.mitre.oval:def:1055",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1055"
},
{
"name": "TA06-346A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
},
{
"name": "MS06-076",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-076"
},
{
"name": "SSRT061288",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "HPSBST02180",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
},
{
"name": "1017369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017369"
},
{
"name": "ADV-2006-4969",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4969"
},
{
"name": "oe-wab-bo(29227)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-2386",
"datePublished": "2006-12-13T01:00:00",
"dateReserved": "2006-05-15T00:00:00",
"dateUpdated": "2024-08-07T17:51:03.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3147 (GCVE-0-2010-3147)
Vulnerability from nvd – Published: 2010-08-27 18:10 – Updated: 2024-08-07 02:55
VLAI?
Summary
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA10-348A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "14745",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14745/"
},
{
"name": "41050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41050"
},
{
"name": "MS10-096",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096"
},
{
"name": "1024878",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024878"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"name": "oval:org.mitre.oval:def:12352",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka \"Insecure Library Loading Vulnerability.\" NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TA10-348A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "14745",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14745/"
},
{
"name": "41050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41050"
},
{
"name": "MS10-096",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096"
},
{
"name": "1024878",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024878"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"name": "oval:org.mitre.oval:def:12352",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka \"Insecure Library Loading Vulnerability.\" NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "14745",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14745/"
},
{
"name": "41050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41050"
},
{
"name": "MS10-096",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096"
},
{
"name": "1024878",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024878"
},
{
"name": "http://www.attackvector.org/new-dll-hijacking-exploits-many/",
"refsource": "MISC",
"url": "http://www.attackvector.org/new-dll-hijacking-exploits-many/"
},
{
"name": "oval:org.mitre.oval:def:12352",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3147",
"datePublished": "2010-08-27T18:10:00",
"dateReserved": "2010-08-27T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0816 (GCVE-0-2010-0816)
Vulnerability from nvd – Published: 2010-05-12 01:00 – Updated: 2024-08-07 00:59
VLAI?
Summary
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:39.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
},
{
"name": "MS10-030",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
},
{
"name": "TA10-131A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
},
{
"name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
},
{
"name": "oval:org.mitre.oval:def:6734",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
},
{
"name": "40052",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka \"Outlook Express and Windows Mail Integer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
},
{
"name": "MS10-030",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
},
{
"name": "TA10-131A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
},
{
"name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
},
{
"name": "oval:org.mitre.oval:def:6734",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
},
{
"name": "40052",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka \"Outlook Express and Windows Mail Integer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
},
{
"name": "MS10-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
},
{
"name": "TA10-131A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
},
{
"name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
},
{
"name": "oval:org.mitre.oval:def:6734",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
},
{
"name": "40052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2010-0816",
"datePublished": "2010-05-12T01:00:00",
"dateReserved": "2010-03-02T00:00:00",
"dateUpdated": "2024-08-07T00:59:39.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5424 (GCVE-0-2008-5424)
Vulnerability from nvd – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
VLAI?
Summary
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:45.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"name": "4721",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4721"
},
{
"name": "32702",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32702"
},
{
"name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"name": "4721",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4721"
},
{
"name": "32702",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32702"
},
{
"name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro",
"refsource": "MISC",
"url": "http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro"
},
{
"name": "4721",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4721"
},
{
"name": "32702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32702"
},
{
"name": "20081208 DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499038/100/0/threaded"
},
{
"name": "20081209 Re: DoS attacks on MIME-capable software via complex MIME emails",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499045/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5424",
"datePublished": "2008-12-11T15:00:00",
"dateReserved": "2008-12-11T00:00:00",
"dateUpdated": "2024-08-07T10:56:45.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1448 (GCVE-0-2008-1448)
Vulnerability from nvd – Published: 2008-08-13 00:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020679"
},
{
"name": "30585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30585"
},
{
"name": "TA08-225A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
},
{
"name": "MS08-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
},
{
"name": "1020680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020680"
},
{
"name": "HPSBST02360",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "SSRT080117",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
},
{
"name": "31415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31415"
},
{
"name": "ADV-2008-2352",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2352"
},
{
"name": "oval:org.mitre.oval:def:5886",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka \"URL Parsing Cross-Domain Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1020679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020679"
},
{
"name": "30585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30585"
},
{
"name": "TA08-225A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
},
{
"name": "MS08-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
},
{
"name": "1020680",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020680"
},
{
"name": "HPSBST02360",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "SSRT080117",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
},
{
"name": "31415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31415"
},
{
"name": "ADV-2008-2352",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2352"
},
{
"name": "oval:org.mitre.oval:def:5886",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka \"URL Parsing Cross-Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020679",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020679"
},
{
"name": "30585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30585"
},
{
"name": "TA08-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name": "http://www.coresecurity.com/content/internet-explorer-zone-elevation",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
},
{
"name": "MS08-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
},
{
"name": "1020680",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020680"
},
{
"name": "HPSBST02360",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
},
{
"name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
},
{
"name": "31415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31415"
},
{
"name": "ADV-2008-2352",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2352"
},
{
"name": "oval:org.mitre.oval:def:5886",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2008-1448",
"datePublished": "2008-08-13T00:00:00",
"dateReserved": "2008-03-21T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1378 (GCVE-0-2003-1378)
Vulnerability from nvd – Published: 2007-10-19 10:00 – Updated: 2024-08-08 02:28
VLAI?
Summary
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:28:03.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030223 O UT LO OK E XPRE SS 6 .00 : broken",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/312910"
},
{
"name": "outlook-codebase-execute-programs(11411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411"
},
{
"name": "6923",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6923"
},
{
"name": "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/312929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030223 O UT LO OK E XPRE SS 6 .00 : broken",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/312910"
},
{
"name": "outlook-codebase-execute-programs(11411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411"
},
{
"name": "6923",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6923"
},
{
"name": "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/312929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030223 O UT LO OK E XPRE SS 6 .00 : broken",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/312910"
},
{
"name": "outlook-codebase-execute-programs(11411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411"
},
{
"name": "6923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6923"
},
{
"name": "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/312929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1378",
"datePublished": "2007-10-19T10:00:00",
"dateReserved": "2007-10-18T00:00:00",
"dateUpdated": "2024-08-08T02:28:03.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3897 (GCVE-0-2007-3897)
Vulnerability from nvd – Published: 2007-10-09 22:00 – Updated: 2024-08-07 14:37
VLAI?
Summary
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:05.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018785"
},
{
"name": "HPSBST02280",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "SSRT071480",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
},
{
"name": "MS07-056",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"name": "ADV-2007-3436",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3436"
},
{
"name": "1018786",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018786"
},
{
"name": "25908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25908"
},
{
"name": "TA07-282A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"name": "27112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1018785",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018785"
},
{
"name": "HPSBST02280",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "SSRT071480",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
},
{
"name": "MS07-056",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"name": "ADV-2007-3436",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3436"
},
{
"name": "1018786",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018786"
},
{
"name": "25908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25908"
},
{
"name": "TA07-282A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"name": "27112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-3897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018785"
},
{
"name": "HPSBST02280",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "SSRT071480",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1706",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
},
{
"name": "MS07-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"name": "ADV-2007-3436",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3436"
},
{
"name": "1018786",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018786"
},
{
"name": "25908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25908"
},
{
"name": "TA07-282A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"name": "27112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-3897",
"datePublished": "2007-10-09T22:00:00",
"dateReserved": "2007-07-19T00:00:00",
"dateUpdated": "2024-08-07T14:37:05.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2694 (GCVE-0-2004-2694)
Vulnerability from nvd – Published: 2007-10-06 20:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040513 POA: Outlook Expresss 6.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108448627120764\u0026w=2"
},
{
"name": "11607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11607"
},
{
"name": "6121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a \"BASE HREF\" with the target set to \"_top\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040513 POA: Outlook Expresss 6.00",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108448627120764\u0026w=2"
},
{
"name": "11607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11607"
},
{
"name": "6121",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6121"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a \"BASE HREF\" with the target set to \"_top\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040513 POA: Outlook Expresss 6.00",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108448627120764\u0026w=2"
},
{
"name": "11607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11607"
},
{
"name": "6121",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6121"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2694",
"datePublished": "2007-10-06T20:00:00",
"dateReserved": "2007-10-06T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4040 (GCVE-0-2007-4040)
Vulnerability from nvd – Published: 2007-07-27 22:00 – Updated: 2025-04-03 14:27
VLAI?
Summary
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-4040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:26:07.732559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:27:23.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
"refsource": "MISC",
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070725 Mozilla protocol abuse",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4040",
"datePublished": "2007-07-27T22:00:00.000Z",
"dateReserved": "2007-07-27T00:00:00.000Z",
"dateUpdated": "2025-04-03T14:27:23.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2227 (GCVE-0-2007-2227)
Vulnerability from nvd – Published: 2007-06-12 21:00 – Updated: 2024-08-07 13:23
VLAI?
Summary
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS07-034",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"name": "1018233",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018233"
},
{
"name": "1018234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018234"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "24410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24410"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "25639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25639"
},
{
"name": "35346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35346"
},
{
"name": "ADV-2007-2154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "oval:org.mitre.oval:def:2085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS07-034",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"name": "1018233",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018233"
},
{
"name": "1018234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018234"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "24410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24410"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "25639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25639"
},
{
"name": "35346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35346"
},
{
"name": "ADV-2007-2154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "oval:org.mitre.oval:def:2085",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-2227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS07-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "SSRT071438",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
"refsource": "MISC",
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"name": "1018233",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018233"
},
{
"name": "1018234",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018234"
},
{
"name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
"refsource": "MISC",
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "24410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24410"
},
{
"name": "TA07-163A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "25639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25639"
},
{
"name": "35346",
"refsource": "OSVDB",
"url": "http://osvdb.org/35346"
},
{
"name": "ADV-2007-2154",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "oval:org.mitre.oval:def:2085",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
},
{
"name": "HPSBST02231",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-2227",
"datePublished": "2007-06-12T21:00:00",
"dateReserved": "2007-04-24T00:00:00",
"dateUpdated": "2024-08-07T13:23:51.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2225 (GCVE-0-2007-2225)
Vulnerability from nvd – Published: 2007-06-12 20:00 – Updated: 2024-08-07 13:23
VLAI?
Summary
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS07-034",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "1018232",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018232"
},
{
"name": "VU#682825",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/682825"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "24392",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "35345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35345"
},
{
"name": "1018231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018231"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "oval:org.mitre.oval:def:2045",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
},
{
"name": "25639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25639"
},
{
"name": "ADV-2007-2154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS07-034",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "1018232",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018232"
},
{
"name": "VU#682825",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/682825"
},
{
"name": "SSRT071438",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "24392",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "35345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35345"
},
{
"name": "1018231",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018231"
},
{
"name": "TA07-163A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "oval:org.mitre.oval:def:2045",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
},
{
"name": "25639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25639"
},
{
"name": "ADV-2007-2154",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "HPSBST02231",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-2225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS07-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
},
{
"name": "1018232",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018232"
},
{
"name": "VU#682825",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/682825"
},
{
"name": "SSRT071438",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
},
{
"name": "24392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24392"
},
{
"name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
"refsource": "MISC",
"url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
},
{
"name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
},
{
"name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
"refsource": "MISC",
"url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
},
{
"name": "35345",
"refsource": "OSVDB",
"url": "http://osvdb.org/35345"
},
{
"name": "1018231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018231"
},
{
"name": "TA07-163A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
},
{
"name": "oval:org.mitre.oval:def:2045",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
},
{
"name": "25639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25639"
},
{
"name": "ADV-2007-2154",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "HPSBST02231",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-2225",
"datePublished": "2007-06-12T20:00:00",
"dateReserved": "2007-04-24T00:00:00",
"dateUpdated": "2024-08-07T13:23:51.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}