cvelistv5 - cve-2007-2227

CVE-2007-2227 (GCVE-0-2007-2227)

Vulnerability from cvelistv5 – Published: 2007-06-12 21:00 – Updated: 2024-08-07 13:23

Summary

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP
	http://openmya.hacker.jp/hasegawa/security/ms07-034.txt	x_refsource_MISC
	http://www.securityfocus.com/archive/1/472002/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1018233	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id?1018234	vdb-entryx_refsource_SECTRACK
	http://archive.openmya.devnull.jp/2007.06/msg00060.html	x_refsource_MISC
	http://www.securityfocus.com/bid/24410	vdb-entryx_refsource_BID
	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/25639	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/35346	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/2154	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:51.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS07-034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
          },
          {
            "name": "SSRT071438",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
          },
          {
            "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
          },
          {
            "name": "1018233",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018233"
          },
          {
            "name": "1018234",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018234"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
          },
          {
            "name": "24410",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24410"
          },
          {
            "name": "TA07-163A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "25639",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25639"
          },
          {
            "name": "35346",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35346"
          },
          {
            "name": "ADV-2007-2154",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2154"
          },
          {
            "name": "oval:org.mitre.oval:def:2085",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
          },
          {
            "name": "HPSBST02231",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS07-034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
        },
        {
          "name": "SSRT071438",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
        },
        {
          "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
        },
        {
          "name": "1018233",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018233"
        },
        {
          "name": "1018234",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018234"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
        },
        {
          "name": "24410",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24410"
        },
        {
          "name": "TA07-163A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
        },
        {
          "name": "25639",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25639"
        },
        {
          "name": "35346",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35346"
        },
        {
          "name": "ADV-2007-2154",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2154"
        },
        {
          "name": "oval:org.mitre.oval:def:2085",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
        },
        {
          "name": "HPSBST02231",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-2227",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS07-034",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
              "refsource": "MISC",
              "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
            },
            {
              "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
            },
            {
              "name": "1018233",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018233"
            },
            {
              "name": "1018234",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018234"
            },
            {
              "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
              "refsource": "MISC",
              "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
            },
            {
              "name": "24410",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24410"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "25639",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "35346",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35346"
            },
            {
              "name": "ADV-2007-2154",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "oval:org.mitre.oval:def:2085",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
            },
            {
              "name": "HPSBST02231",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-2227",
    "datePublished": "2007-06-12T21:00:00",
    "dateReserved": "2007-04-24T00:00:00",
    "dateUpdated": "2024-08-07T13:23:51.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"CD264C73-360E-414D-BE22-192F92E5A0A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"6881476D-81A2-4DFD-AC77-82A8D08A0568\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"644E2E89-F3E3-4383-B460-424D724EE62F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"D21D1DFE-F61B-407E-A945-4F42F86947B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*\", \"matchCriteriaId\": \"E0BBA081-24D5-4990-882F-69CB05CC28CF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\", \"matchCriteriaId\": \"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85FD3557-956D-4A96-8AA5-5FD9DB87FD11\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*\", \"matchCriteriaId\": \"D34A558F-A656-43EB-AC52-C3710F77CDD8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*\", \"matchCriteriaId\": \"F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BDD015F-267D-4E33-885B-6A14F493CCC5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \\\"notifications,\\\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \\\"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"El manejador de protocolo MHTML en Microsoft Outlook Express 6 y Windows Mail en Windows Vista no maneja adecuadamente \\\"notificaciones\\\" de disposici\\u00f3n de contenido (Content-Disposition), lo cual permite a atacantes remotos obtener informaci\\u00f3n sensible de otros dominios de Internet Explorer, tambi\\u00e9n conocida como \\\"Vulnerabilidad de Revelaci\\u00f3n de Informaci\\u00f3n de Dominios Cruzados en An\\u00e1lisis de Disposici\\u00f3n de Contenido\\\" (Content Disposition Parsing Cross Domain Information Disclosure Vulnerability).\"}]",
      "id": "CVE-2007-2227",
      "lastModified": "2024-11-21T00:30:14.447",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-06-12T21:30:00.000",
      "references": "[{\"url\": \"http://archive.openmya.devnull.jp/2007.06/msg00060.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://openmya.hacker.jp/hasegawa/security/ms07-034.txt\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://osvdb.org/35346\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/25639\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/472002/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/24410\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1018233\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1018234\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2154\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://archive.openmya.devnull.jp/2007.06/msg00060.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://openmya.hacker.jp/hasegawa/security/ms07-034.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/35346\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25639\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/472002/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24410\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018233\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018234\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2154\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2227\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-06-12T21:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \\\"notifications,\\\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \\\"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"El manejador de protocolo MHTML en Microsoft Outlook Express 6 y Windows Mail en Windows Vista no maneja adecuadamente \\\"notificaciones\\\" de disposici\u00f3n de contenido (Content-Disposition), lo cual permite a atacantes remotos obtener informaci\u00f3n sensible de otros dominios de Internet Explorer, tambi\u00e9n conocida como \\\"Vulnerabilidad de Revelaci\u00f3n de Informaci\u00f3n de Dominios Cruzados en An\u00e1lisis de Disposici\u00f3n de Contenido\\\" (Content Disposition Parsing Cross Domain Information Disclosure Vulnerability).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"CD264C73-360E-414D-BE22-192F92E5A0A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"6881476D-81A2-4DFD-AC77-82A8D08A0568\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"644E2E89-F3E3-4383-B460-424D724EE62F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"D21D1DFE-F61B-407E-A945-4F42F86947B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"E0BBA081-24D5-4990-882F-69CB05CC28CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85FD3557-956D-4A96-8AA5-5FD9DB87FD11\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"D34A558F-A656-43EB-AC52-C3710F77CDD8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*\",\"matchCriteriaId\":\"F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BDD015F-267D-4E33-885B-6A14F493CCC5\"}]}]}],\"references\":[{\"url\":\"http://archive.openmya.devnull.jp/2007.06/msg00060.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://openmya.hacker.jp/hasegawa/security/ms07-034.txt\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/35346\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/25639\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/472002/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/24410\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1018233\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1018234\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2154\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://archive.openmya.devnull.jp/2007.06/msg00060.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openmya.hacker.jp/hasegawa/security/ms07-034.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/35346\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/472002/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-259

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités des clients de messagerie Outlook Express et Mail permettraient la divulgation non autorisée d'informations. Dans Mail seulement, une autre vulnérabilité permettrait à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités affectent les clients de messagerie Outlook Express et Mail :

trois vulnérabilités permettent, par le biais de courriels spécialement conçus, de contourner le contrôle d'accès dans le navigateur et de divulguer des informations.
une vulnérabilité dans Mail permet, par le biais d'un courriel spécialement conçu, d'exécuter du code arbitraire sur la machine vulnérable ;

L'exploitation de ces vulnérabilités exige la participation du destinataire des courriels malveillants (clic sur un lien).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Windows	Mail sous Windows Vista.
	Microsoft	Windows	Outlook Express 6 sous Windows 2003 server et XP ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-034

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mail sous Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Outlook Express 6 sous Windows 2003 server et XP ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent les clients de messagerie Outlook\nExpress et Mail :\n\n-   trois vuln\u00e9rabilit\u00e9s permettent, par le biais de courriels\n    sp\u00e9cialement con\u00e7us, de contourner le contr\u00f4le d\u0027acc\u00e8s dans le\n    navigateur et de divulguer des informations.\n-   une vuln\u00e9rabilit\u00e9 dans Mail permet, par le biais d\u0027un courriel\n    sp\u00e9cialement con\u00e7u, d\u0027ex\u00e9cuter du code arbitraire sur la machine\n    vuln\u00e9rable ;\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s exige la participation du\ndestinataire des courriels malveillants (clic sur un lien).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1658"
    },
    {
      "name": "CVE-2007-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2227"
    },
    {
      "name": "CVE-2006-2111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2111"
    },
    {
      "name": "CVE-2007-2225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2225"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s des clients de messagerie \u003cspan\nclass=\"textit\"\u003eOutlook Express\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eMail\u003c/span\u003e permettraient la divulgation non autoris\u00e9e\nd\u0027informations. Dans \u003cspan class=\"textit\"\u003eMail\u003c/span\u003e seulement, une\nautre vuln\u00e9rabilit\u00e9 permettrait \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Outlook Express et Mail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-034",
      "url": "http://www.microsoft.com/france/technet/securite/MS07-034.mspx"
    }
  ]
}

CERTA-2007-AVI-259

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités affectent les clients de messagerie Outlook Express et Mail :

trois vulnérabilités permettent, par le biais de courriels spécialement conçus, de contourner le contrôle d'accès dans le navigateur et de divulguer des informations.
une vulnérabilité dans Mail permet, par le biais d'un courriel spécialement conçu, d'exécuter du code arbitraire sur la machine vulnérable ;

L'exploitation de ces vulnérabilités exige la participation du destinataire des courriels malveillants (clic sur un lien).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Windows	Mail sous Windows Vista.
	Microsoft	Windows	Outlook Express 6 sous Windows 2003 server et XP ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-034

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mail sous Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Outlook Express 6 sous Windows 2003 server et XP ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent les clients de messagerie Outlook\nExpress et Mail :\n\n-   trois vuln\u00e9rabilit\u00e9s permettent, par le biais de courriels\n    sp\u00e9cialement con\u00e7us, de contourner le contr\u00f4le d\u0027acc\u00e8s dans le\n    navigateur et de divulguer des informations.\n-   une vuln\u00e9rabilit\u00e9 dans Mail permet, par le biais d\u0027un courriel\n    sp\u00e9cialement con\u00e7u, d\u0027ex\u00e9cuter du code arbitraire sur la machine\n    vuln\u00e9rable ;\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s exige la participation du\ndestinataire des courriels malveillants (clic sur un lien).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1658"
    },
    {
      "name": "CVE-2007-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2227"
    },
    {
      "name": "CVE-2006-2111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2111"
    },
    {
      "name": "CVE-2007-2225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2225"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-259",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s des clients de messagerie \u003cspan\nclass=\"textit\"\u003eOutlook Express\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eMail\u003c/span\u003e permettraient la divulgation non autoris\u00e9e\nd\u0027informations. Dans \u003cspan class=\"textit\"\u003eMail\u003c/span\u003e seulement, une\nautre vuln\u00e9rabilit\u00e9 permettrait \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Outlook Express et Mail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-034",
      "url": "http://www.microsoft.com/france/technet/securite/MS07-034.mspx"
    }
  ]
}

FKIE_CVE-2007-2227

Vulnerability from fkie_nvd - Published: 2007-06-12 21:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://archive.openmya.devnull.jp/2007.06/msg00060.html
secure@microsoft.com	http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
secure@microsoft.com	http://osvdb.org/35346
secure@microsoft.com	http://secunia.com/advisories/25639
secure@microsoft.com	http://www.securityfocus.com/archive/1/471947/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/472002/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/24410
secure@microsoft.com	http://www.securitytracker.com/id?1018233
secure@microsoft.com	http://www.securitytracker.com/id?1018234
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/2154
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085
af854a3a-2127-422b-91ae-364da2661108	http://archive.openmya.devnull.jp/2007.06/msg00060.html
af854a3a-2127-422b-91ae-364da2661108	http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35346
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25639
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/472002/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24410
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018233
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018234
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2154
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085

Impacted products

Vendor	Product	Version
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	sp2
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	outlook_express	6.0
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	windows_mail	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "E0BBA081-24D5-4990-882F-69CB05CC28CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
              "matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD015F-267D-4E33-885B-6A14F493CCC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El manejador de protocolo MHTML en Microsoft Outlook Express 6 y Windows Mail en Windows Vista no maneja adecuadamente \"notificaciones\" de disposici\u00f3n de contenido (Content-Disposition), lo cual permite a atacantes remotos obtener informaci\u00f3n sensible de otros dominios de Internet Explorer, tambi\u00e9n conocida como \"Vulnerabilidad de Revelaci\u00f3n de Informaci\u00f3n de Dominios Cruzados en An\u00e1lisis de Disposici\u00f3n de Contenido\" (Content Disposition Parsing Cross Domain Information Disclosure Vulnerability)."
    }
  ],
  "id": "CVE-2007-2227",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-12T21:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/35346"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/24410"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018233"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018234"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-2227

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2227

Aliases

CVE-2007-2227

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2227",
    "description": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\"",
    "id": "GSD-2007-2227"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2227"
      ],
      "details": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\"",
      "id": "GSD-2007-2227",
      "modified": "2023-12-13T01:21:37.515406Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-2227",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS07-034",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
          },
          {
            "name": "SSRT071438",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
            "refsource": "MISC",
            "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
          },
          {
            "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
          },
          {
            "name": "1018233",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018233"
          },
          {
            "name": "1018234",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018234"
          },
          {
            "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
            "refsource": "MISC",
            "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
          },
          {
            "name": "24410",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24410"
          },
          {
            "name": "TA07-163A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "25639",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25639"
          },
          {
            "name": "35346",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35346"
          },
          {
            "name": "ADV-2007-2154",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2154"
          },
          {
            "name": "oval:org.mitre.oval:def:2085",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
          },
          {
            "name": "HPSBST02231",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-2227"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
            },
            {
              "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "24410",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24410"
            },
            {
              "name": "1018233",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018233"
            },
            {
              "name": "1018234",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018234"
            },
            {
              "name": "25639",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "ADV-2007-2154",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "35346",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/35346"
            },
            {
              "name": "oval:org.mitre.oval:def:2085",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
            },
            {
              "name": "MS07-034",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:42Z",
      "publishedDate": "2007-06-12T21:30Z"
    }
  }
}

GHSA-FPR8-HQ4F-4X67

Vulnerability from github – Published: 2022-05-01 18:01 – Updated: 2022-05-01 18:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2227"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-12T21:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\"",
  "id": "GHSA-fpr8-hq4f-4x67",
  "modified": "2022-05-01T18:01:27Z",
  "published": "2022-05-01T18:01:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2227"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
    },
    {
      "type": "WEB",
      "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
    },
    {
      "type": "WEB",
      "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35346"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24410"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018233"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018234"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

JVNDB-2007-000447

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

Severity ?

() - -

Summary

Internet Explorer vulnerable in handling MHTML protocol

Details

Internet Explorer is vulnerable in handling MHTML (MIME Encapsulation of Aggregate HTML) protocol, which allows the download dialog box to be bypassed. Some versions of Outlook Express are affected because the vulnerability is contained in Outlook Express component used by Internet Explorer. When Internet Explorer accesses a website using MHTML (MIME Encapsulation of Aggregate HTML), Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be displayed when downloading. The MHTML protocol handler is included in Outlook Express component, and Microsoft provides the fix for this componet.

References

Type

URL

	JVN	http://jvn.jp/cert/JVNTA07-163A/index.html
	JVN	http://jvn.jp/en/jp/JVN95019167/index.html
	JVNTR	http://jvn.jp/tr/TRTA07-163A/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2227
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2227
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA07-163A.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA07-163A.html
	SECUNIA	http://secunia.com/advisories/25639/
	BID	http://www.securityfocus.com/bid/24410
	FRSIRT	http://www.frsirt.com/english/advisories/2007/2154

Impacted products

Vendor

Product

	Microsoft Corporation	Microsoft Outlook Express
	Microsoft Corporation	Microsoft Windows Mail
	Microsoft Corporation	Microsoft Windows Server 2003
	Microsoft Corporation	Microsoft Windows Vista
	Microsoft Corporation	Microsoft Windows XP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000447.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Internet Explorer is vulnerable in handling MHTML (MIME Encapsulation of Aggregate HTML) protocol, which allows the download dialog box to be bypassed.\r\n\r\nSome versions of Outlook Express are affected because the vulnerability is contained in Outlook Express component used by Internet Explorer.\r\n\r\nWhen Internet Explorer accesses a website using MHTML (MIME Encapsulation of Aggregate HTML), Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be displayed when downloading.\r\nThe MHTML protocol handler is included in Outlook Express component, and Microsoft provides the fix for this componet.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000447.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:microsoft:outlook_express",
      "@product": "Microsoft Outlook Express",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:microsoft:windows_mail",
      "@product": "Microsoft Windows Mail",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_server_2003",
      "@product": "Microsoft Windows Server 2003",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_vista",
      "@product": "Microsoft Windows Vista",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_xp",
      "@product": "Microsoft Windows XP",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000447",
  "sec:references": [
    {
      "#text": "http://jvn.jp/cert/JVNTA07-163A/index.html",
      "@id": "JVNTA07-163A",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/jp/JVN95019167/index.html",
      "@id": "JVN#95019167",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/tr/TRTA07-163A/index.html",
      "@id": "TRTA07-163A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2227",
      "@id": "CVE-2007-2227",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2227",
      "@id": "CVE-2007-2227",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA07-163A.html",
      "@id": "SA07-163A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html",
      "@id": "TA07-163A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/25639/",
      "@id": "SA25639",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/24410",
      "@id": "24410",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/2154",
      "@id": "FrSIRT/ADV-2007-2154",
      "@source": "FRSIRT"
    }
  ],
  "title": "Internet Explorer vulnerable in handling MHTML protocol"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2227 (GCVE-0-2007-2227)

CERTA-2007-AVI-259

Description

Solution

CERTA-2007-AVI-259

Description

Solution

FKIE_CVE-2007-2227

GSD-2007-2227

GHSA-FPR8-HQ4F-4X67

JVNDB-2007-000447

Tags

Sightings

Nomenclature