cvelistv5 - CVE-2007-1658

CVE-2007-1658 (GCVE-0-2007-1658)

Vulnerability from cvelistv5 – Published: 2007-03-24 19:00 – Updated: 2024-08-07 13:06

Summary

Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://news.com.com/2100-1002_3-6170133.html	x_refsource_MISC
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.computerworld.com/action/article.do?co…	x_refsource_MISC
	http://www.securitytracker.com/id?1017816	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/23103	vdb-entryx_refsource_BID
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/25639	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2154	vdb-entryx_refsource_VUPEN
	http://isc.sans.org/diary.html?storyid=2507	x_refsource_MISC
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:06:25.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
          },
          {
            "name": "20070323 Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
          },
          {
            "name": "MS07-034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
          },
          {
            "name": "oval:org.mitre.oval:def:1861",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://news.com.com/2100-1002_3-6170133.html"
          },
          {
            "name": "SSRT071438",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "win-mail-code-execution(33167)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
          },
          {
            "name": "1017816",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017816"
          },
          {
            "name": "23103",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23103"
          },
          {
            "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
          },
          {
            "name": "TA07-163A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "25639",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25639"
          },
          {
            "name": "ADV-2007-2154",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2154"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?storyid=2507"
          },
          {
            "name": "HPSBST02231",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
        },
        {
          "name": "20070323 Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
        },
        {
          "name": "MS07-034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
        },
        {
          "name": "oval:org.mitre.oval:def:1861",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://news.com.com/2100-1002_3-6170133.html"
        },
        {
          "name": "SSRT071438",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "name": "win-mail-code-execution(33167)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
        },
        {
          "name": "1017816",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017816"
        },
        {
          "name": "23103",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23103"
        },
        {
          "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
        },
        {
          "name": "TA07-163A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
        },
        {
          "name": "25639",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25639"
        },
        {
          "name": "ADV-2007-2154",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2154"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?storyid=2507"
        },
        {
          "name": "HPSBST02231",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
            },
            {
              "name": "20070323 Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
            },
            {
              "name": "MS07-034",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "oval:org.mitre.oval:def:1861",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
            },
            {
              "name": "http://news.com.com/2100-1002_3-6170133.html",
              "refsource": "MISC",
              "url": "http://news.com.com/2100-1002_3-6170133.html"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "win-mail-code-execution(33167)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
            },
            {
              "name": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194",
              "refsource": "MISC",
              "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
            },
            {
              "name": "1017816",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017816"
            },
            {
              "name": "23103",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23103"
            },
            {
              "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "25639",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "ADV-2007-2154",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=2507",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?storyid=2507"
            },
            {
              "name": "HPSBST02231",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1658",
    "datePublished": "2007-03-24T19:00:00",
    "dateReserved": "2007-03-24T00:00:00",
    "dateUpdated": "2024-08-07T13:06:25.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*\", \"matchCriteriaId\": \"CC3161FD-F631-405A-BE3A-0B78D5DCD7B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:business:*:*:*:*:*\", \"matchCriteriaId\": \"BDDE7F1B-768A-4A53-8765-E48DEB0EF3D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"8FF0D88B-821D-4E45-A2EC-5279B9190356\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:home_basic:*:*:*:*:*\", \"matchCriteriaId\": \"1A9CAA2B-947F-47E8-A032-DFA2D1F05B6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:*:home_premium:*:*:*:*:*\", \"matchCriteriaId\": \"4C17A747-EF5C-4852-89F7-DE45DDD6EB60\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).\"}, {\"lang\": \"es\", \"value\": \"Windows Mail en Microsoft Windows Vista podr\\u00eda permitir a atacantes con la intervenci\\u00f3n del usuario ejecutar ciertos programas a trav\\u00e9s de un enlace a (1) un fichero local o (2) un nombre de ruta UNC compartido en el cual hay un directorio con el mismo nombre de base con un programa un programa ejecutable en el mismo nivel, como se demostr\\u00f3 utilizando  C:/windows/system32/winrm (winrm.cmd) y migwiz (migwiz.exe).\\r\\n\"}]",
      "id": "CVE-2007-1658",
      "lastModified": "2024-11-21T00:28:51.700",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-03-24T19:19:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://isc.sans.org/diary.html?storyid=2507\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://news.com.com/2100-1002_3-6170133.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25639\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23103\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1017816\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2154\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33167\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://isc.sans.org/diary.html?storyid=2507\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://news.com.com/2100-1002_3-6170133.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25639\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23103\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1017816\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2154\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33167\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1658\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-24T19:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).\"},{\"lang\":\"es\",\"value\":\"Windows Mail en Microsoft Windows Vista podr\u00eda permitir a atacantes con la intervenci\u00f3n del usuario ejecutar ciertos programas a trav\u00e9s de un enlace a (1) un fichero local o (2) un nombre de ruta UNC compartido en el cual hay un directorio con el mismo nombre de base con un programa un programa ejecutable en el mismo nivel, como se demostr\u00f3 utilizando  C:/windows/system32/winrm (winrm.cmd) y migwiz (migwiz.exe).\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*\",\"matchCriteriaId\":\"CC3161FD-F631-405A-BE3A-0B78D5DCD7B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:business:*:*:*:*:*\",\"matchCriteriaId\":\"BDDE7F1B-768A-4A53-8765-E48DEB0EF3D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"8FF0D88B-821D-4E45-A2EC-5279B9190356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:home_basic:*:*:*:*:*\",\"matchCriteriaId\":\"1A9CAA2B-947F-47E8-A032-DFA2D1F05B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:home_premium:*:*:*:*:*\",\"matchCriteriaId\":\"4C17A747-EF5C-4852-89F7-DE45DDD6EB60\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://isc.sans.org/diary.html?storyid=2507\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://news.com.com/2100-1002_3-6170133.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25639\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23103\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1017816\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2154\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33167\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://isc.sans.org/diary.html?storyid=2507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://news.com.com/2100-1002_3-6170133.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1017816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33167\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-259

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités des clients de messagerie Outlook Express et Mail permettraient la divulgation non autorisée d'informations. Dans Mail seulement, une autre vulnérabilité permettrait à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités affectent les clients de messagerie Outlook Express et Mail :

trois vulnérabilités permettent, par le biais de courriels spécialement conçus, de contourner le contrôle d'accès dans le navigateur et de divulguer des informations.
une vulnérabilité dans Mail permet, par le biais d'un courriel spécialement conçu, d'exécuter du code arbitraire sur la machine vulnérable ;

L'exploitation de ces vulnérabilités exige la participation du destinataire des courriels malveillants (clic sur un lien).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Windows	Mail sous Windows Vista.
	Microsoft	Windows	Outlook Express 6 sous Windows 2003 server et XP ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-034

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mail sous Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Outlook Express 6 sous Windows 2003 server et XP ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent les clients de messagerie Outlook\nExpress et Mail :\n\n-   trois vuln\u00e9rabilit\u00e9s permettent, par le biais de courriels\n    sp\u00e9cialement con\u00e7us, de contourner le contr\u00f4le d\u0027acc\u00e8s dans le\n    navigateur et de divulguer des informations.\n-   une vuln\u00e9rabilit\u00e9 dans Mail permet, par le biais d\u0027un courriel\n    sp\u00e9cialement con\u00e7u, d\u0027ex\u00e9cuter du code arbitraire sur la machine\n    vuln\u00e9rable ;\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s exige la participation du\ndestinataire des courriels malveillants (clic sur un lien).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1658"
    },
    {
      "name": "CVE-2007-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2227"
    },
    {
      "name": "CVE-2006-2111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2111"
    },
    {
      "name": "CVE-2007-2225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2225"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s des clients de messagerie \u003cspan\nclass=\"textit\"\u003eOutlook Express\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eMail\u003c/span\u003e permettraient la divulgation non autoris\u00e9e\nd\u0027informations. Dans \u003cspan class=\"textit\"\u003eMail\u003c/span\u003e seulement, une\nautre vuln\u00e9rabilit\u00e9 permettrait \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Outlook Express et Mail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-034",
      "url": "http://www.microsoft.com/france/technet/securite/MS07-034.mspx"
    }
  ]
}

CERTA-2007-AVI-259

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités affectent les clients de messagerie Outlook Express et Mail :

trois vulnérabilités permettent, par le biais de courriels spécialement conçus, de contourner le contrôle d'accès dans le navigateur et de divulguer des informations.
une vulnérabilité dans Mail permet, par le biais d'un courriel spécialement conçu, d'exécuter du code arbitraire sur la machine vulnérable ;

L'exploitation de ces vulnérabilités exige la participation du destinataire des courriels malveillants (clic sur un lien).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Windows	Mail sous Windows Vista.
	Microsoft	Windows	Outlook Express 6 sous Windows 2003 server et XP ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-034

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mail sous Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Outlook Express 6 sous Windows 2003 server et XP ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent les clients de messagerie Outlook\nExpress et Mail :\n\n-   trois vuln\u00e9rabilit\u00e9s permettent, par le biais de courriels\n    sp\u00e9cialement con\u00e7us, de contourner le contr\u00f4le d\u0027acc\u00e8s dans le\n    navigateur et de divulguer des informations.\n-   une vuln\u00e9rabilit\u00e9 dans Mail permet, par le biais d\u0027un courriel\n    sp\u00e9cialement con\u00e7u, d\u0027ex\u00e9cuter du code arbitraire sur la machine\n    vuln\u00e9rable ;\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s exige la participation du\ndestinataire des courriels malveillants (clic sur un lien).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1658"
    },
    {
      "name": "CVE-2007-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2227"
    },
    {
      "name": "CVE-2006-2111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2111"
    },
    {
      "name": "CVE-2007-2225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2225"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s des clients de messagerie \u003cspan\nclass=\"textit\"\u003eOutlook Express\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eMail\u003c/span\u003e permettraient la divulgation non autoris\u00e9e\nd\u0027informations. Dans \u003cspan class=\"textit\"\u003eMail\u003c/span\u003e seulement, une\nautre vuln\u00e9rabilit\u00e9 permettrait \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Outlook Express et Mail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-034",
      "url": "http://www.microsoft.com/france/technet/securite/MS07-034.mspx"
    }
  ]
}

GHSA-W5C7-QFC7-WQ32

Vulnerability from github – Published: 2022-05-01 17:55 – Updated: 2022-05-01 17:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1658"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-24T19:19:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).",
  "id": "GHSA-w5c7-qfc7-wq32",
  "modified": "2022-05-01T17:55:37Z",
  "published": "2022-05-01T17:55:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1658"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.html?storyid=2507"
    },
    {
      "type": "WEB",
      "url": "http://news.com.com/2100-1002_3-6170133.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "type": "WEB",
      "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23103"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017816"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-1658

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1658

Aliases

CVE-2007-1658

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1658",
    "description": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).",
    "id": "GSD-2007-1658"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1658"
      ],
      "details": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).",
      "id": "GSD-2007-1658",
      "modified": "2023-12-13T01:21:40.052626Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1658",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
          },
          {
            "name": "20070323 Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
          },
          {
            "name": "MS07-034",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
          },
          {
            "name": "oval:org.mitre.oval:def:1861",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
          },
          {
            "name": "http://news.com.com/2100-1002_3-6170133.html",
            "refsource": "MISC",
            "url": "http://news.com.com/2100-1002_3-6170133.html"
          },
          {
            "name": "SSRT071438",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "win-mail-code-execution(33167)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
          },
          {
            "name": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194",
            "refsource": "MISC",
            "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
          },
          {
            "name": "1017816",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017816"
          },
          {
            "name": "23103",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23103"
          },
          {
            "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
          },
          {
            "name": "TA07-163A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "25639",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25639"
          },
          {
            "name": "ADV-2007-2154",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2154"
          },
          {
            "name": "http://isc.sans.org/diary.html?storyid=2507",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary.html?storyid=2507"
          },
          {
            "name": "HPSBST02231",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:home_basic:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:business:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:home_premium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1658"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070323 Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
            },
            {
              "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
            },
            {
              "name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
            },
            {
              "name": "23103",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/23103"
            },
            {
              "name": "http://isc.sans.org/diary.html?storyid=2507",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.org/diary.html?storyid=2507"
            },
            {
              "name": "http://news.com.com/2100-1002_3-6170133.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://news.com.com/2100-1002_3-6170133.html"
            },
            {
              "name": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "1017816",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017816"
            },
            {
              "name": "25639",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "ADV-2007-2154",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "win-mail-code-execution(33167)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
            },
            {
              "name": "oval:org.mitre.oval:def:1861",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
            },
            {
              "name": "MS07-034",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:39Z",
      "publishedDate": "2007-03-24T19:19Z"
    }
  }
}

FKIE_CVE-2007-1658

Vulnerability from fkie_nvd - Published: 2007-03-24 19:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html	Exploit
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html
cve@mitre.org	http://isc.sans.org/diary.html?storyid=2507
cve@mitre.org	http://news.com.com/2100-1002_3-6170133.html
cve@mitre.org	http://secunia.com/advisories/25639
cve@mitre.org	http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194
cve@mitre.org	http://www.securityfocus.com/archive/1/471947/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/23103	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1017816
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2154
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33167
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?storyid=2507
af854a3a-2127-422b-91ae-364da2661108	http://news.com.com/2100-1002_3-6170133.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25639
af854a3a-2127-422b-91ae-364da2661108	http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23103	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017816
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2154
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33167
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861

Impacted products

Vendor	Product	Version
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_vista	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*",
              "matchCriteriaId": "CC3161FD-F631-405A-BE3A-0B78D5DCD7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:business:*:*:*:*:*",
              "matchCriteriaId": "BDDE7F1B-768A-4A53-8765-E48DEB0EF3D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "8FF0D88B-821D-4E45-A2EC-5279B9190356",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:home_basic:*:*:*:*:*",
              "matchCriteriaId": "1A9CAA2B-947F-47E8-A032-DFA2D1F05B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:home_premium:*:*:*:*:*",
              "matchCriteriaId": "4C17A747-EF5C-4852-89F7-DE45DDD6EB60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)."
    },
    {
      "lang": "es",
      "value": "Windows Mail en Microsoft Windows Vista podr\u00eda permitir a atacantes con la intervenci\u00f3n del usuario ejecutar ciertos programas a trav\u00e9s de un enlace a (1) un fichero local o (2) un nombre de ruta UNC compartido en el cual hay un directorio con el mismo nombre de base con un programa un programa ejecutable en el mismo nivel, como se demostr\u00f3 utilizando  C:/windows/system32/winrm (winrm.cmd) y migwiz (migwiz.exe).\r\n"
    }
  ],
  "id": "CVE-2007-1658",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-24T19:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://isc.sans.org/diary.html?storyid=2507"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://news.com.com/2100-1002_3-6170133.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017816"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.html?storyid=2507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://news.com.com/2100-1002_3-6170133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1658 (GCVE-0-2007-1658)

CERTA-2007-AVI-259

Description

Solution

CERTA-2007-AVI-259

Description

Solution

GHSA-W5C7-QFC7-WQ32

GSD-2007-1658

FKIE_CVE-2007-1658

Tags

Sightings

Nomenclature