Cross Domain Information Disclosure in Microsoft Outlook Express and Windows Mail
CVE-2007-2225

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express
Vendor: CVE Published:; 12 June 2007

Summary

A vulnerability exists in Microsoft Outlook Express 6 and Windows Mail in Windows Vista due to improper handling of certain HTTP headers when processing MHTML protocol URLs. This flaw may enable remote attackers to exploit the affected products and gain unauthorized access to sensitive information from other Internet Explorer domains.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id?1018232

vdb-entryx_refsource_SECTRACK

http://www.kb.cert.org/vuls/id/682825

third-party-advisoryx_refsource_CERT-VN

EPSS Score

49% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 12, 2007
Vulnerability Reserved
Apr 24, 2007