New Search

URL Parsing Cross Domain Information Disclosure Vulnerability

oval:org.mitre.oval:def:2045

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs which allows remote attackers to obtain sensitive information from other Internet Explorer domains aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2007-2225
Product(s):
  • Microsoft Outlook Express