7.1

CVE-2008-1448

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOutlook Express Version5.5 Updatesp2
MicrosoftOutlook Express Version6.0
MicrosoftOutlook Express Version6.0 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 26.63% 0.978
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:C/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
US Government Resource
http://secunia.com/advisories/31415
Patch
Vendor Advisory
http://www.coresecurity.com/content/internet-explorer-zone-elevation
http://www.securityfocus.com/archive/1/495458/100/0/threaded
http://www.securityfocus.com/bid/30585
Patch
http://www.securitytracker.com/id?1020679
http://www.securitytracker.com/id?1020680
http://www.vupen.com/english/advisories/2008/2352
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886