Microsoft Outlook Express MHTML URL解析信息泄露漏洞（MS07-034）

BUGTRAQ ID: 24392 CVECAN ID: CVE-2007-2225 Outlook Express是Microsoft Windows操作系统捆绑的邮件和新闻组客户端。 Windows的MHTML协议处理器在返回MHTML内容时没有正确的解释HTTP头，这可能允许Internet Explorer绕过域限制。 攻击者可以通过构建特制的网页来利用该漏洞。如果用户使用Internet Explorer查看网页，该漏洞可能允许信息泄露。成功利用此漏洞的攻击者可以读取另一个Internet Explorer域中的数据。 Microsoft Outlook Express 6.0...

Microsoft Outlook Express内容处置解析跨域信息泄露漏洞（MS07-034）

BUGTRAQ ID: 24410 CVECAN ID: CVE-2007-2227 Outlook Express是Microsoft Windows操作系统捆绑的邮件和新闻组客户端。 MHTML协议处理程序将内容处置通知传递回Internet Explorer的方式中存在一个信息泄露漏洞，可能允许攻击者绕过Internet Explorer中的文件下载对话框。 攻击者可以通过构建特制的网页来利用该漏洞。如果用户使用Internet Explorer查看了该网页，漏洞就可能允许信息泄露。成功利用此漏洞的攻击者可以读取另一个Internet Explorer域中的数据。 Microsof...

[Full-disclosure] MS07-034: Executing arbitrary script with mhtml: protocol handler

MS07-034: Executing arbitrary script with mhtml: protocol handler Author:Yosuke HASEGAWA yosuke.hasegawa at gmail.com Date: Wed, 21 Jun 2007 CVE: CVE-2007-2225, CVE-2007-2227 Original advisory: http://openmya.hacker.jp/hasegawa/security/ms07-034.txt...

Microsoft Outlook Express / Windows Mail multiple security vulnerabilities

Multiple vulnerabilities on MHTML parsing. Code execution with UNC URLs...

JVN#95019167 Internet Explorer vulnerable in handling MHTML protocol

When Internet Explorer accesses a website using MHTML MIME Encapsulation of Aggregate HTML, Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be...

JVN#27203006 Internet Explorer vulnerable in MHTML handling

When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types. This behavior may result in executing the scripts embedded in the contents. The MHTML protocol handler is included in the Outlook Express...

Preemptive Protection against Microsoft MHTML Information Disclosure Vulnerability (MS07-034)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is within the MHTML Protocol, a component of Outlook Express. The MHTML MIME Encapsulation of Aggregate HTML protocol handler provides a URL type MHTML:// that permits MHTML encoded documents to be...

Microsoft Windows "MHTML" protocol handler fails to properly handle URL redirections

Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret URL redirections, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets URL redirections. The...

Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header

Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...

Information disclosure

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...

CVE-2007-2227

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...

CVE-2007-2227

CVE-2007-2227 describes information disclosure in the MHTML protocol handler used by Outlook Express 6 and Windows Mail, which processes MHTML contents via Internet Explorer and ignores the Content-Disposition header. The vulnerability enables an attacker to obtain sensitive data from other IE do...

CVE-2007-2227

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...

Information disclosure

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain...

CVE-2007-2225

CVE-2007-2225 involves a cross-domain information disclosure in the MHTML URI handler used by Outlook Express 6 and Windows Mail (on Windows Vista). The vulnerability arises when the MHTML protocol handler processes HTTP headers, causing IE to bypass domain restrictions and potentially disclose d...

IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net

This vulnerability is primarily an information leak, see http://secunia. com/advisories/1 9 7 3 8/specific description. In order to ensure client safety, the xmlhttp is not cross-domain access to information. But the IE security problems, in the service end through the mhtml redirection...

Microsoft Internet Explorer畸形MHTML标记拒绝服务漏洞

Internet Explorer是微软发布的非常流行的WEB浏览器。 IE在解析包含畸形标记内容的MHTML文档时存在拒绝服务漏洞，远程攻击者可能利用此漏洞导致用户的IE浏览器崩溃。 Microsoft Internet Explorer 7.0 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.microsoft.com/windows/ie/default.asp Content-Type: text/html; charset="windows-1251" Content-Transfer-Encoding:...

Microsoft Internet Explorer 7 - MHTML Denial of Service

Microsoft Internet Explorer 7 - MHTML Denial of Service source: https://www.securityfocus.com/bid/20875/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs when Internet Explorer attempts to parse certain malformed HTML content. Successfully exploitin...

Microsoft Internet Explorer 7 - MHTML Denial of Service

source: https://www.securityfocus.com/bid/20875/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs when Internet Explorer attempts to parse certain malformed HTML content. Successfully exploiting this issue will cause the affected application to cras...

Microsoft Internet Explorer MHTML URI处理器信息泄露漏洞

Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer在处理有“mhtml:”URI处理器的URL的重新定向时存在漏洞，可能允许用户访问其他WEB站点所服务的文档。 Microsoft Internet Explorer 6 for Windows XP SP2 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.microsoft.com/windows/ie/default.asp...