Microsoft Outlook Express and Windows Mail URL Parsing Cross-Domain Information Disclosure Vulnerability( 13 August 2008 )

Last Update Date: 28 Jan 2011 Release Date: 13 Aug 2008 4604 Views

RISK: Medium Risk

Medium Risk

An information disclosure vulnerability exists in Outlook Express and Windows Mail because the MHTML protocol handler incorrectly interprets MHTML URL redirections that could potentially bypass Internet Explorer domain restrictions when returning MHTML content. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If the user viewed the Web page through Internet Explorer, the vulnerability could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain or the local computer.

Impact

  • Information Disclosure

System / Technologies affected

  • Microsoft Outlook Express 5.5
  • Microsoft Outlook Express 6
  • Windows Mail
  • Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Access Snapshot Viewer Arbitrary File Download Vulnerability( 13 August 2008 )

13 Aug 2008 4733 Views

Next

Microsoft Office Filters Multiple Vulnerabilities( 13 August 2008 )

13 Aug 2008 4593 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY