FKIE_CVE-2007-2227

Vulnerability from fkie_nvd - Published: 2007-06-12 21:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
References
secure@microsoft.comhttp://archive.openmya.devnull.jp/2007.06/msg00060.html
secure@microsoft.comhttp://openmya.hacker.jp/hasegawa/security/ms07-034.txt
secure@microsoft.comhttp://osvdb.org/35346
secure@microsoft.comhttp://secunia.com/advisories/25639
secure@microsoft.comhttp://www.securityfocus.com/archive/1/471947/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/472002/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/24410
secure@microsoft.comhttp://www.securitytracker.com/id?1018233
secure@microsoft.comhttp://www.securitytracker.com/id?1018234
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA07-163A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2007/2154
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085
af854a3a-2127-422b-91ae-364da2661108http://archive.openmya.devnull.jp/2007.06/msg00060.html
af854a3a-2127-422b-91ae-364da2661108http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/35346
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25639
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/472002/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/24410
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018233
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018234
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-163A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2154
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server sp1
microsoft windows_2003_server sp1
microsoft windows_2003_server sp2
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft outlook_express 6.0
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_mail *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "E0BBA081-24D5-4990-882F-69CB05CC28CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
              "matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD015F-267D-4E33-885B-6A14F493CCC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El manejador de protocolo MHTML en Microsoft Outlook Express 6 y Windows Mail en Windows Vista no maneja adecuadamente \"notificaciones\" de disposici\u00f3n de contenido (Content-Disposition), lo cual permite a atacantes remotos obtener informaci\u00f3n sensible de otros dominios de Internet Explorer, tambi\u00e9n conocida como \"Vulnerabilidad de Revelaci\u00f3n de Informaci\u00f3n de Dominios Cruzados en An\u00e1lisis de Disposici\u00f3n de Contenido\" (Content Disposition Parsing Cross Domain Information Disclosure Vulnerability)."
    }
  ],
  "id": "CVE-2007-2227",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-12T21:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/35346"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/24410"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018233"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018234"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.