248 matches found
CVE-2008-1448
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via...
Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass
Advisory ID Internal CORE-2008-0103 Advisory Information Title: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass Advisory ID: CORE-2008-0103 Date published: 2008-08-13 Date of last update: 2008-08-12 Vendors contacted: Microsoft Release mode: Coordinated...
CVE-2008-1448
Technical details for CVE-2008-1448 are not provided in the connected documents. Public details are limited to related CVEs; monitor for updates.
Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure Vulnerability
Description Microsoft Outlook Express And Windows Mail are prone to an information-disclosure vulnerability because of an error in the Windows MHTML protocol handler. Note that an attacker can exploit this issue via Internet Explorer because the browser internally uses the vulnerable component of...
Microsoft Windows MHTML URL Parsing Information Disclosure (MS08-048; CVE-2008-1448)
MHTML MIME Encapsulation of Aggregate HTML is an Internet standard that defines the MIME structure that is used to wrap HTML content. An information disclosure vulnerability has been reported in Outlook Express and Windows Mail due to a flaw in the MHTML protocol. The vulnerability is caused when...
Microsoft Security Bulletin MS08-048 - Important Security Update for Outlook Express and Windows Mail (951066)
Microsoft Security Bulletin MS08-048 - Important Security Update for Outlook Express and Windows Mail 951066 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The...
Internet Explorer vulnerable in MHTML handling
Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...
Internet Explorer vulnerable in handling MHTML protocol
Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows the download dialog box to be bypassed. Some versions of Outlook Express are affected because the vulnerability is contained in Outlook Express component used by Internet Explore...
Microsoft Outlook Express MHTML URL解析信息泄露漏洞(MS07-034)
BUGTRAQ ID: 24392 CVECAN ID: CVE-2007-2225 Outlook Express是Microsoft Windows操作系统捆绑的邮件和新闻组客户端。 Windows的MHTML协议处理器在返回MHTML内容时没有正确的解释HTTP头,这可能允许Internet Explorer绕过域限制。 攻击者可以通过构建特制的网页来利用该漏洞。如果用户使用Internet Explorer查看网页,该漏洞可能允许信息泄露。成功利用此漏洞的攻击者可以读取另一个Internet Explorer域中的数据。 Microsoft Outlook Express 6.0...
Microsoft Outlook Express内容处置解析跨域信息泄露漏洞(MS07-034)
BUGTRAQ ID: 24410 CVECAN ID: CVE-2007-2227 Outlook Express是Microsoft Windows操作系统捆绑的邮件和新闻组客户端。 MHTML协议处理程序将内容处置通知传递回Internet Explorer的方式中存在一个信息泄露漏洞,可能允许攻击者绕过Internet Explorer中的文件下载对话框。 攻击者可以通过构建特制的网页来利用该漏洞。如果用户使用Internet Explorer查看了该网页,漏洞就可能允许信息泄露。成功利用此漏洞的攻击者可以读取另一个Internet Explorer域中的数据。 Microsof...
Microsoft Outlook Express / Windows Mail multiple security vulnerabilities
Multiple vulnerabilities on MHTML parsing. Code execution with UNC URLs...
[Full-disclosure] MS07-034: Executing arbitrary script with mhtml: protocol handler
MS07-034: Executing arbitrary script with mhtml: protocol handler Author:Yosuke HASEGAWA yosuke.hasegawa at gmail.com Date: Wed, 21 Jun 2007 CVE: CVE-2007-2225, CVE-2007-2227 Original advisory: http://openmya.hacker.jp/hasegawa/security/ms07-034.txt...
JVN#95019167 Internet Explorer vulnerable in handling MHTML protocol
When Internet Explorer accesses a website using MHTML MIME Encapsulation of Aggregate HTML, Internet Explorer processes the contents as MHTML data, ignoring their actual content types, and it does not properly handle the Content-Disposition header field. This could cause a dialog box not to be...
JVN#27203006 Internet Explorer vulnerable in MHTML handling
When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types. This behavior may result in executing the scripts embedded in the contents. The MHTML protocol handler is included in the Outlook Express...
Preemptive Protection against Microsoft MHTML Information Disclosure Vulnerability (MS07-034)
An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is within the MHTML Protocol, a component of Outlook Express. The MHTML MIME Encapsulation of Aggregate HTML protocol handler provides a URL type MHTML:// that permits MHTML encoded documents to be...
Microsoft Windows "MHTML" protocol handler fails to properly handle URL redirections
Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret URL redirections, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets URL redirections. The...
Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header
Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...
Information disclosure
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...
CVE-2007-2227
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...
CVE-2007-2227
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Doma...