Information Security


Multiple vulnerabilities in Microsoft Outlook Express / Windows Mail (multiple bugs)
updated since June 12, 2007
Published: June 22, 2007
Source:
SecurityVulns ID: 7808
Type: client
Threat level: 8/10
Description: Multiple vulnerabilities in MHTML format parsing. Code execution via UNC links.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.")
 CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability.")
 CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).)
 CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability.")
Original text: HASEGAWA Yosuke, [Full-disclosure] MS07-034: Executing arbitrary script with mhtml: protocol handler (22.06.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-034 - Critical Cumulative Security Update for Outlook Express and Windows Mail (929123) (12.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod