CVE-2007-2225

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 12 June 2007

Summary

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id?1018232

vdb-entryx_refsource_SECTRACK

http://www.kb.cert.org/vuls/id/682825

third-party-advisoryx_refsource_CERT-VN

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 12, 2007
Vulnerability Reserved
Apr 24, 2007

Collectors

NVD DatabaseMitre Database