Remote Information Disclosure in Microsoft Outlook Express 6 Due to URI Handler Flaw
CVE-2006-2111

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 1 May 2006

Summary

A flaw in Microsoft Outlook Express 6 allows remote attackers to exploit the mhtml: URI handler to bypass domain restrictions and gain access to sensitive information. This vulnerability, also reported for Internet Explorer 6 and 7, poses a risk where attackers can manipulate URL redirects to extract confidential data, leading to potential data breaches. Users are advised to stay updated with security patches and remain vigilant against unusual web navigation behaviors.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/19738

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/Internet_Explorer_Arbitrary_Content_Di...

x_refsource_MISC

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 1, 2006
Vulnerability Reserved
May 1, 2006