cvelistv5 - CVE-2007-2225

CVE-2007-2225 (GCVE-0-2007-2225)

Vulnerability from cvelistv5 – Published: 2007-06-12 20:00 – Updated: 2024-08-07 13:23

Summary

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securitytracker.com/id?1018232	vdb-entryx_refsource_SECTRACK
	http://www.kb.cert.org/vuls/id/682825	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/bid/24392	vdb-entryx_refsource_BID
	http://openmya.hacker.jp/hasegawa/security/ms07-034.txt	x_refsource_MISC
	http://www.securityfocus.com/archive/1/472002/100…	mailing-listx_refsource_BUGTRAQ
	http://archive.openmya.devnull.jp/2007.06/msg00060.html	x_refsource_MISC
	http://osvdb.org/35345	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1018231	vdb-entryx_refsource_SECTRACK
	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	third-party-advisoryx_refsource_CERT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/25639	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2154	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:51.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS07-034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
          },
          {
            "name": "1018232",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018232"
          },
          {
            "name": "VU#682825",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/682825"
          },
          {
            "name": "SSRT071438",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "24392",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24392"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
          },
          {
            "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
          },
          {
            "name": "35345",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35345"
          },
          {
            "name": "1018231",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018231"
          },
          {
            "name": "TA07-163A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:2045",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
          },
          {
            "name": "25639",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25639"
          },
          {
            "name": "ADV-2007-2154",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2154"
          },
          {
            "name": "HPSBST02231",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS07-034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
        },
        {
          "name": "1018232",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018232"
        },
        {
          "name": "VU#682825",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/682825"
        },
        {
          "name": "SSRT071438",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "name": "24392",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24392"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
        },
        {
          "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
        },
        {
          "name": "35345",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35345"
        },
        {
          "name": "1018231",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018231"
        },
        {
          "name": "TA07-163A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:2045",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
        },
        {
          "name": "25639",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25639"
        },
        {
          "name": "ADV-2007-2154",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2154"
        },
        {
          "name": "HPSBST02231",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-2225",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS07-034",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "1018232",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018232"
            },
            {
              "name": "VU#682825",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/682825"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "24392",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24392"
            },
            {
              "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
              "refsource": "MISC",
              "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
            },
            {
              "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
            },
            {
              "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
              "refsource": "MISC",
              "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
            },
            {
              "name": "35345",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35345"
            },
            {
              "name": "1018231",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018231"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:2045",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
            },
            {
              "name": "25639",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "ADV-2007-2154",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "HPSBST02231",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-2225",
    "datePublished": "2007-06-12T20:00:00",
    "dateReserved": "2007-04-24T00:00:00",
    "dateUpdated": "2024-08-07T13:23:51.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"CD264C73-360E-414D-BE22-192F92E5A0A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"6881476D-81A2-4DFD-AC77-82A8D08A0568\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"644E2E89-F3E3-4383-B460-424D724EE62F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"D21D1DFE-F61B-407E-A945-4F42F86947B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*\", \"matchCriteriaId\": \"E0BBA081-24D5-4990-882F-69CB05CC28CF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\", \"matchCriteriaId\": \"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85FD3557-956D-4A96-8AA5-5FD9DB87FD11\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*\", \"matchCriteriaId\": \"D34A558F-A656-43EB-AC52-C3710F77CDD8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*\", \"matchCriteriaId\": \"F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BDD015F-267D-4E33-885B-6A14F493CCC5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \\\"URL Parsing Cross Domain Information Disclosure Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Un componente en Microsoft Outlook Express 6 y windows Mail en Windows Vista no maneja adecuadamente determinadas cabeceras HTTP cuado procesa URLs del protocolo MHTML, lo cual permite a atacantes remotos obtener informaci\\u00f3n sensible de ostros dominios de Internet Explorer, tambi\\u00e9n conocida como \\\"Vulnerabilidad de revelaci\\u00f3n de informaci\\u00f3n de dominios cruzados en el an\\u00e1lisis URL\\\" (URL Parsing Cross Domain Information Disclosure Vulnerability).\"}]",
      "id": "CVE-2007-2225",
      "lastModified": "2024-11-21T00:30:14.280",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-06-12T20:30:00.000",
      "references": "[{\"url\": \"http://archive.openmya.devnull.jp/2007.06/msg00060.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://openmya.hacker.jp/hasegawa/security/ms07-034.txt\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://osvdb.org/35345\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/25639\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/682825\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/472002/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/24392\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1018231\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1018232\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2154\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://archive.openmya.devnull.jp/2007.06/msg00060.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://openmya.hacker.jp/hasegawa/security/ms07-034.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/35345\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25639\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/682825\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/472002/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24392\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018231\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018232\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2154\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2225\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-06-12T20:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \\\"URL Parsing Cross Domain Information Disclosure Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Un componente en Microsoft Outlook Express 6 y windows Mail en Windows Vista no maneja adecuadamente determinadas cabeceras HTTP cuado procesa URLs del protocolo MHTML, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible de ostros dominios de Internet Explorer, tambi\u00e9n conocida como \\\"Vulnerabilidad de revelaci\u00f3n de informaci\u00f3n de dominios cruzados en el an\u00e1lisis URL\\\" (URL Parsing Cross Domain Information Disclosure Vulnerability).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"CD264C73-360E-414D-BE22-192F92E5A0A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"6881476D-81A2-4DFD-AC77-82A8D08A0568\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"644E2E89-F3E3-4383-B460-424D724EE62F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"D21D1DFE-F61B-407E-A945-4F42F86947B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"E0BBA081-24D5-4990-882F-69CB05CC28CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85FD3557-956D-4A96-8AA5-5FD9DB87FD11\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"D34A558F-A656-43EB-AC52-C3710F77CDD8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*\",\"matchCriteriaId\":\"F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BDD015F-267D-4E33-885B-6A14F493CCC5\"}]}]}],\"references\":[{\"url\":\"http://archive.openmya.devnull.jp/2007.06/msg00060.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://openmya.hacker.jp/hasegawa/security/ms07-034.txt\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/35345\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/25639\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/682825\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/472002/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/24392\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1018231\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1018232\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2154\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://archive.openmya.devnull.jp/2007.06/msg00060.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openmya.hacker.jp/hasegawa/security/ms07-034.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/35345\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/682825\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/472002/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

JVNDB-2007-000446

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

Severity ?

() - -

Summary

Internet Explorer vulnerable in MHTML handling

Details

Internet Explorer is vulnerable in handling MHTML (MIME Encapsulation of Aggregate HTML) protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types. This behavior may result in executing the scripts embedded in the contents. The MHTML protocol handler is included in the Outlook Express component, and Microsoft provides the fix of the vulnerability for this component.

References

Type

URL

	JVN	http://jvn.jp/cert/JVNTA07-163A/index.html
	JVN	http://jvn.jp/en/jp/JVN27203006/index.html
	JVNTR	http://jvn.jp/tr/TRTA07-163A/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2225
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2225
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA07-163A.html
	CERT-VN	http://www.kb.cert.org/vuls/id/682825
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA07-163A.html
	SECUNIA	http://secunia.com/advisories/25639/
	BID	http://www.securityfocus.com/bid/24392
	FRSIRT	http://www.frsirt.com/english/advisories/2007/2154

Impacted products

Vendor

Product

	Microsoft Corporation	Microsoft Outlook Express
	Microsoft Corporation	Microsoft Windows Mail
	Microsoft Corporation	Microsoft Windows Server 2003
	Microsoft Corporation	Microsoft Windows Vista
	Microsoft Corporation	Microsoft Windows XP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000446.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Internet Explorer is vulnerable in handling MHTML (MIME Encapsulation of Aggregate HTML) protocol, which allows an arbitrary script execution.\r\n\r\nWhen Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types.\r\nThis behavior may result in executing the scripts embedded in the contents.\r\nThe MHTML protocol handler is included in the Outlook Express component, and Microsoft provides the fix of the vulnerability for this component.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000446.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:microsoft:outlook_express",
      "@product": "Microsoft Outlook Express",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:microsoft:windows_mail",
      "@product": "Microsoft Windows Mail",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_server_2003",
      "@product": "Microsoft Windows Server 2003",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_vista",
      "@product": "Microsoft Windows Vista",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_xp",
      "@product": "Microsoft Windows XP",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000446",
  "sec:references": [
    {
      "#text": "http://jvn.jp/cert/JVNTA07-163A/index.html",
      "@id": "JVNTA07-163A",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/jp/JVN27203006/index.html",
      "@id": "JVN#27203006",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/tr/TRTA07-163A/index.html",
      "@id": "TRTA07-163A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2225",
      "@id": "CVE-2007-2225",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2225",
      "@id": "CVE-2007-2225",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA07-163A.html",
      "@id": "SA07-163A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.kb.cert.org/vuls/id/682825",
      "@id": "VU#682825",
      "@source": "CERT-VN"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html",
      "@id": "TA07-163A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/25639/",
      "@id": "SA25639",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/24392",
      "@id": "24392",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/2154",
      "@id": "FrSIRT/ADV-2007-2154",
      "@source": "FRSIRT"
    }
  ],
  "title": "Internet Explorer vulnerable in MHTML handling"
}

CERTA-2007-AVI-259

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités des clients de messagerie Outlook Express et Mail permettraient la divulgation non autorisée d'informations. Dans Mail seulement, une autre vulnérabilité permettrait à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités affectent les clients de messagerie Outlook Express et Mail :

trois vulnérabilités permettent, par le biais de courriels spécialement conçus, de contourner le contrôle d'accès dans le navigateur et de divulguer des informations.
une vulnérabilité dans Mail permet, par le biais d'un courriel spécialement conçu, d'exécuter du code arbitraire sur la machine vulnérable ;

L'exploitation de ces vulnérabilités exige la participation du destinataire des courriels malveillants (clic sur un lien).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Windows	Mail sous Windows Vista.
	Microsoft	Windows	Outlook Express 6 sous Windows 2003 server et XP ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-034

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mail sous Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Outlook Express 6 sous Windows 2003 server et XP ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent les clients de messagerie Outlook\nExpress et Mail :\n\n-   trois vuln\u00e9rabilit\u00e9s permettent, par le biais de courriels\n    sp\u00e9cialement con\u00e7us, de contourner le contr\u00f4le d\u0027acc\u00e8s dans le\n    navigateur et de divulguer des informations.\n-   une vuln\u00e9rabilit\u00e9 dans Mail permet, par le biais d\u0027un courriel\n    sp\u00e9cialement con\u00e7u, d\u0027ex\u00e9cuter du code arbitraire sur la machine\n    vuln\u00e9rable ;\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s exige la participation du\ndestinataire des courriels malveillants (clic sur un lien).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1658"
    },
    {
      "name": "CVE-2007-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2227"
    },
    {
      "name": "CVE-2006-2111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2111"
    },
    {
      "name": "CVE-2007-2225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2225"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s des clients de messagerie \u003cspan\nclass=\"textit\"\u003eOutlook Express\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eMail\u003c/span\u003e permettraient la divulgation non autoris\u00e9e\nd\u0027informations. Dans \u003cspan class=\"textit\"\u003eMail\u003c/span\u003e seulement, une\nautre vuln\u00e9rabilit\u00e9 permettrait \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Outlook Express et Mail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-034",
      "url": "http://www.microsoft.com/france/technet/securite/MS07-034.mspx"
    }
  ]
}

CERTA-2007-AVI-259

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités affectent les clients de messagerie Outlook Express et Mail :

trois vulnérabilités permettent, par le biais de courriels spécialement conçus, de contourner le contrôle d'accès dans le navigateur et de divulguer des informations.
une vulnérabilité dans Mail permet, par le biais d'un courriel spécialement conçu, d'exécuter du code arbitraire sur la machine vulnérable ;

L'exploitation de ces vulnérabilités exige la participation du destinataire des courriels malveillants (clic sur un lien).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Windows	Mail sous Windows Vista.
	Microsoft	Windows	Outlook Express 6 sous Windows 2003 server et XP ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-034

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mail sous Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Outlook Express 6 sous Windows 2003 server et XP ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent les clients de messagerie Outlook\nExpress et Mail :\n\n-   trois vuln\u00e9rabilit\u00e9s permettent, par le biais de courriels\n    sp\u00e9cialement con\u00e7us, de contourner le contr\u00f4le d\u0027acc\u00e8s dans le\n    navigateur et de divulguer des informations.\n-   une vuln\u00e9rabilit\u00e9 dans Mail permet, par le biais d\u0027un courriel\n    sp\u00e9cialement con\u00e7u, d\u0027ex\u00e9cuter du code arbitraire sur la machine\n    vuln\u00e9rable ;\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s exige la participation du\ndestinataire des courriels malveillants (clic sur un lien).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1658"
    },
    {
      "name": "CVE-2007-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2227"
    },
    {
      "name": "CVE-2006-2111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2111"
    },
    {
      "name": "CVE-2007-2225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2225"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s des clients de messagerie \u003cspan\nclass=\"textit\"\u003eOutlook Express\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eMail\u003c/span\u003e permettraient la divulgation non autoris\u00e9e\nd\u0027informations. Dans \u003cspan class=\"textit\"\u003eMail\u003c/span\u003e seulement, une\nautre vuln\u00e9rabilit\u00e9 permettrait \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Outlook Express et Mail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-034",
      "url": "http://www.microsoft.com/france/technet/securite/MS07-034.mspx"
    }
  ]
}

GSD-2007-2225

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2225

Aliases

CVE-2007-2225

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2225",
    "description": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\"",
    "id": "GSD-2007-2225"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2225"
      ],
      "details": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\"",
      "id": "GSD-2007-2225",
      "modified": "2023-12-13T01:21:37.391692Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-2225",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS07-034",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
          },
          {
            "name": "1018232",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018232"
          },
          {
            "name": "VU#682825",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/682825"
          },
          {
            "name": "SSRT071438",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "24392",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24392"
          },
          {
            "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
            "refsource": "MISC",
            "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
          },
          {
            "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
          },
          {
            "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
            "refsource": "MISC",
            "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
          },
          {
            "name": "35345",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35345"
          },
          {
            "name": "1018231",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018231"
          },
          {
            "name": "TA07-163A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:2045",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
          },
          {
            "name": "25639",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25639"
          },
          {
            "name": "ADV-2007-2154",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2154"
          },
          {
            "name": "HPSBST02231",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-2225"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
            },
            {
              "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "VU#682825",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/682825"
            },
            {
              "name": "24392",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24392"
            },
            {
              "name": "1018231",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018231"
            },
            {
              "name": "1018232",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018232"
            },
            {
              "name": "25639",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "ADV-2007-2154",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "35345",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/35345"
            },
            {
              "name": "oval:org.mitre.oval:def:2045",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
            },
            {
              "name": "MS07-034",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:42Z",
      "publishedDate": "2007-06-12T20:30Z"
    }
  }
}

FKIE_CVE-2007-2225

Vulnerability from fkie_nvd - Published: 2007-06-12 20:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://archive.openmya.devnull.jp/2007.06/msg00060.html
secure@microsoft.com	http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
secure@microsoft.com	http://osvdb.org/35345
secure@microsoft.com	http://secunia.com/advisories/25639
secure@microsoft.com	http://www.kb.cert.org/vuls/id/682825	US Government Resource
secure@microsoft.com	http://www.securityfocus.com/archive/1/471947/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/472002/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/24392
secure@microsoft.com	http://www.securitytracker.com/id?1018231
secure@microsoft.com	http://www.securitytracker.com/id?1018232
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/2154
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045
af854a3a-2127-422b-91ae-364da2661108	http://archive.openmya.devnull.jp/2007.06/msg00060.html
af854a3a-2127-422b-91ae-364da2661108	http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35345
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25639
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/682825	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/472002/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24392
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018231
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018232
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2154
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045

Impacted products

Vendor	Product	Version
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	sp2
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	outlook_express	6.0
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_mail	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "E0BBA081-24D5-4990-882F-69CB05CC28CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
              "matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD015F-267D-4E33-885B-6A14F493CCC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Un componente en Microsoft Outlook Express 6 y windows Mail en Windows Vista no maneja adecuadamente determinadas cabeceras HTTP cuado procesa URLs del protocolo MHTML, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible de ostros dominios de Internet Explorer, tambi\u00e9n conocida como \"Vulnerabilidad de revelaci\u00f3n de informaci\u00f3n de dominios cruzados en el an\u00e1lisis URL\" (URL Parsing Cross Domain Information Disclosure Vulnerability)."
    }
  ],
  "id": "CVE-2007-2225",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-12T20:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/35345"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/682825"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/24392"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018231"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018232"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/682825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8MCC-528J-M5QC

Vulnerability from github – Published: 2022-05-01 18:01 – Updated: 2022-05-01 18:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2225"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-12T20:30:00Z",
    "severity": "MODERATE"
  },
  "details": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\"",
  "id": "GHSA-8mcc-528j-m5qc",
  "modified": "2022-05-01T18:01:27Z",
  "published": "2022-05-01T18:01:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2225"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
    },
    {
      "type": "WEB",
      "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
    },
    {
      "type": "WEB",
      "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35345"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/682825"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24392"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018231"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018232"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2225 (GCVE-0-2007-2225)

JVNDB-2007-000446

CERTA-2007-AVI-259

Description

Solution

CERTA-2007-AVI-259

Description

Solution

GSD-2007-2225

FKIE_CVE-2007-2225

GHSA-8MCC-528J-M5QC

Tags

Sightings

Nomenclature