7.1

CVE-2008-1448

EPSS 45.54%
Veröffentlicht 13.08.2008 00:41:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Outlook Express Version5.5 Updatesp2

Microsoft ≫ Outlook Express Version6.0

Microsoft ≫ Outlook Express Version6.0 Updatesp1

Microsoft ≫ Windows Mail

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	45.54%	0.975

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:C/I:N/A:N

http://marc.info/?l=bugtraq&m=121915960406986&w=2

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

US Government Resource

http://secunia.com/advisories/31415

Patch

Vendor Advisory

http://www.coresecurity.com/content/internet-explorer-zone-elevation

http://www.securityfocus.com/archive/1/495458/100/0/threaded

http://www.securityfocus.com/bid/30585

Patch

http://www.securitytracker.com/id?1020679

http://www.securitytracker.com/id?1020680

http://www.vupen.com/english/advisories/2008/2352

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886

https://nvd.nist.gov/vuln/detail/CVE-2008-1448

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1448

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1448

EUVD