Cross-Domain Information Disclosure in Microsoft Outlook Express and Windows Mail
CVE-2008-1448

Currently unrated

Key Information:

Vendor

Microsoft
Status
Outlook Express
Windows Mail
Vendor
CVE Published:
13 August 2008

What is CVE-2008-1448?

A vulnerability in the MHTML protocol handler of Microsoft Outlook Express 5.5 SP2 and 6 SP1, along with Windows Mail, could allow remote attackers to bypass intended access restrictions. This occurs due to incorrect assignment of Internet Explorer Security Zones to UNC share pathnames. Attackers can exploit this flaw to read arbitrary files from the affected devices by utilizing an mhtml: URI in combination with a redirection, highlighting the importance of securing email clients against such cross-domain information disclosure threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id?1020679
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/30585
vdb-entryx_refsource_BID
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
third-party-advisoryx_refsource_CERT

EPSS Score

45% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.