Lucene search
K

248 matches found

Cvelist
Cvelist
added 2008/08/13 12:0 a.m.39 views

CVE-2008-1448

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via...

6.2AI score0.2663EPSS
Exploits1References11
Core Security
Core Security
added 2008/08/13 12:0 a.m.37 views

Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass

Advisory ID Internal CORE-2008-0103 Advisory Information Title: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass Advisory ID: CORE-2008-0103 Date published: 2008-08-13 Date of last update: 2008-08-12 Vendors contacted: Microsoft Release mode: Coordinated...

7.1CVSS5.5AI score0.2663EPSS
Exploits1
CVE
CVE
added 2008/08/13 12:0 a.m.81 views

CVE-2008-1448

Technical details for CVE-2008-1448 are not provided in the connected documents. Public details are limited to related CVEs; monitor for updates.

7.1CVSS6.2AI score0.2663EPSS
Exploits1References11Affected Software2
Symantec
Symantec
added 2008/08/12 12:0 a.m.17 views

Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure Vulnerability

Description Microsoft Outlook Express And Windows Mail are prone to an information-disclosure vulnerability because of an error in the Windows MHTML protocol handler. Note that an attacker can exploit this issue via Internet Explorer because the browser internally uses the vulnerable component of...

7AI score
Exploits0References2Affected Software4
Check Point Advisories
Check Point Advisories
added 2008/08/12 12:0 a.m.5 views

Microsoft Windows MHTML URL Parsing Information Disclosure (MS08-048; CVE-2008-1448)

MHTML MIME Encapsulation of Aggregate HTML is an Internet standard that defines the MIME structure that is used to wrap HTML content. An information disclosure vulnerability has been reported in Outlook Express and Windows Mail due to a flaw in the MHTML protocol. The vulnerability is caused when...

7.1CVSS5.4AI score0.2663EPSS
Exploits1
securityvulns
securityvulns
added 2008/08/12 12:0 a.m.78 views

Microsoft Security Bulletin MS08-048 - Important Security Update for Outlook Express and Windows Mail (951066)

Microsoft Security Bulletin MS08-048 - Important Security Update for Outlook Express and Windows Mail 951066 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The...

7.1CVSS5.5AI score0.2663EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

Internet Explorer vulnerable in MHTML handling

Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...

4.3CVSS6.8AI score0.2504EPSS
Exploits1References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

Internet Explorer vulnerable in handling MHTML protocol

Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows the download dialog box to be bypassed. Some versions of Outlook Express are affected because the vulnerability is contained in Outlook Express component used by Internet Explore...

4.3CVSS6.5AI score0.2504EPSS
Exploits1References11
seebug.org
seebug.org
added 2007/12/26 12:0 a.m.32 views

Microsoft Outlook Express MHTML URL解析信息泄露漏洞(MS07-034)

BUGTRAQ ID: 24392 CVECAN ID: CVE-2007-2225 Outlook Express是Microsoft Windows操作系统捆绑的邮件和新闻组客户端。 Windows的MHTML协议处理器在返回MHTML内容时没有正确的解释HTTP头,这可能允许Internet Explorer绕过域限制。 攻击者可以通过构建特制的网页来利用该漏洞。如果用户使用Internet Explorer查看网页,该漏洞可能允许信息泄露。成功利用此漏洞的攻击者可以读取另一个Internet Explorer域中的数据。 Microsoft Outlook Express 6.0...

4.3CVSS6.4AI score0.2504EPSS
Exploits1
seebug.org
seebug.org
added 2007/12/26 12:0 a.m.28 views

Microsoft Outlook Express内容处置解析跨域信息泄露漏洞(MS07-034)

BUGTRAQ ID: 24410 CVECAN ID: CVE-2007-2227 Outlook Express是Microsoft Windows操作系统捆绑的邮件和新闻组客户端。 MHTML协议处理程序将内容处置通知传递回Internet Explorer的方式中存在一个信息泄露漏洞,可能允许攻击者绕过Internet Explorer中的文件下载对话框。 攻击者可以通过构建特制的网页来利用该漏洞。如果用户使用Internet Explorer查看了该网页,漏洞就可能允许信息泄露。成功利用此漏洞的攻击者可以读取另一个Internet Explorer域中的数据。 Microsof...

4.3CVSS6.4AI score0.2504EPSS
Exploits1
securityvulns
securityvulns
added 2007/06/22 12:0 a.m.67 views

Microsoft Outlook Express / Windows Mail multiple security vulnerabilities

Multiple vulnerabilities on MHTML parsing. Code execution with UNC URLs...

9.3CVSS3.8AI score0.4031EPSS
Exploits4References2
securityvulns
securityvulns
added 2007/06/22 12:0 a.m.57 views

[Full-disclosure] MS07-034: Executing arbitrary script with mhtml: protocol handler

MS07-034: Executing arbitrary script with mhtml: protocol handler Author:Yosuke HASEGAWA yosuke.hasegawa at gmail.com Date: Wed, 21 Jun 2007 CVE: CVE-2007-2225, CVE-2007-2227 Original advisory: http://openmya.hacker.jp/hasegawa/security/ms07-034.txt...

4.3CVSS0.1AI score0.2504EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/18 12:0 a.m.45 views

JVN#95019167 Internet Explorer vulnerable in handling MHTML protocol

When Internet Explorer accesses a website using MHTML MIME Encapsulation of Aggregate HTML, Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be...

4.3CVSS6.1AI score0.2504EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/18 12:0 a.m.40 views

JVN#27203006 Internet Explorer vulnerable in MHTML handling

When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types. This behavior may result in executing the scripts embedded in the contents. The MHTML protocol handler is included in the Outlook Express...

4.3CVSS6.1AI score0.2504EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2007/06/14 12:0 a.m.2 views

Preemptive Protection against Microsoft MHTML Information Disclosure Vulnerability (MS07-034)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is within the MHTML Protocol, a component of Outlook Express. The MHTML MIME Encapsulation of Aggregate HTML protocol handler provides a URL type MHTML:// that permits MHTML encoded documents to be...

4.3CVSS5.5AI score0.4031EPSS
Exploits1
CERT
CERT
added 2007/06/13 12:0 a.m.45 views

Microsoft Windows "MHTML" protocol handler fails to properly handle URL redirections

Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret URL redirections, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets URL redirections. The...

4.3CVSS5.6AI score0.4031EPSS
Exploits1References1
CERT
CERT
added 2007/06/13 12:0 a.m.35 views

Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header

Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...

4.3CVSS5.6AI score0.2504EPSS
Exploits1References2
Prion
Prion
added 2007/06/12 9:30 p.m.17 views

Information disclosure

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...

4.3CVSS6.3AI score0.2504EPSS
Exploits1References13Affected Software1
NVD
NVD
added 2007/06/12 9:30 p.m.27 views

CVE-2007-2227

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...

4.3CVSS5.8AI score0.2504EPSS
Exploits1References13
Cvelist
Cvelist
added 2007/06/12 9:0 p.m.31 views

CVE-2007-2227

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...

5.8AI score0.2504EPSS
Exploits1References13
Rows per page
Query Builder