7.1

CVE-2008-1448

EPSS 45.54%
Published 13.08.2008 00:41:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Outlook Express Version5.5 Updatesp2

Microsoft ≫ Outlook Express Version6.0

Microsoft ≫ Outlook Express Version6.0 Updatesp1

Microsoft ≫ Windows Mail

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	45.54%	0.975

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:C/I:N/A:N

http://marc.info/?l=bugtraq&m=121915960406986&w=2

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

US Government Resource

http://secunia.com/advisories/31415

Patch

Vendor Advisory

http://www.coresecurity.com/content/internet-explorer-zone-elevation

http://www.securityfocus.com/archive/1/495458/100/0/threaded

http://www.securityfocus.com/bid/30585

Patch

http://www.securitytracker.com/id?1020679

http://www.securitytracker.com/id?1020680

http://www.vupen.com/english/advisories/2008/2352

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886

https://nvd.nist.gov/vuln/detail/CVE-2008-1448

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1448

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1448

EUVD