CVE-2008-1448

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express; Windows Mail
Vendor: CVE Published:; 13 August 2008

Summary

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."

References

http://www.securitytracker.com/id?1020679

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/30585

vdb-entryx_refsource_BID

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

third-party-advisoryx_refsource_CERT

EPSS Score

54% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 13, 2008
Vulnerability Reserved
Mar 21, 2008

Collectors

NVD DatabaseMitre Database