4.3

CVE-2007-2227

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOutlook Express Version6.0
   MicrosoftWindows 2003 Server Editionx64
   MicrosoftWindows 2003 Server Updatesp2 Editionx64
   MicrosoftWindows 2003 Server Versionsp1
   MicrosoftWindows 2003 Server Versionsp1 Editionitanium
   MicrosoftWindows 2003 Server Versionsp2 Editionitanium
   MicrosoftWindows Xp Editionprofessional_x64
   MicrosoftWindows Xp Updatesp2
   MicrosoftWindows Xp Updatesp2 Editionprofessional_x64
MicrosoftWindows Mail
   MicrosoftWindows Vista Updategold
   MicrosoftWindows Vista Updategold Editionx64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 25.04% 0.976
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/archive/1/471947/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/2154
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
http://secunia.com/advisories/25639
http://archive.openmya.devnull.jp/2007.06/msg00060.html
http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
http://www.securityfocus.com/archive/1/472002/100/0/threaded
http://osvdb.org/35346
http://www.securityfocus.com/bid/24410
http://www.securitytracker.com/id?1018233
http://www.securitytracker.com/id?1018234
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085