This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2007-06-12
Product Windows Mail Last view 2018-07-10
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:* 4
cpe:2.3:a:microsoft:windows_mail:-:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:windows_mail:-:*:*:*:*:vista:*:* 1

Related : CVE

  Date Alert Description
6.5 2018-07-10 CVE-2018-8305

An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store.

9.3 2010-05-12 CVE-2010-0816

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."

7.1 2008-08-12 CVE-2008-1448

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."

9.3 2007-10-09 CVE-2007-3897

Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.

4.3 2007-06-12 CVE-2007-2227

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."

4.3 2007-06-12 CVE-2007-2225

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-264 Permissions, Privileges, and Access Controls
25% (1) CWE-200 Information Exposure
25% (1) CWE-189 Numeric Errors
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:2045 URL Parsing Cross Domain Information Disclosure Vulnerability
oval:org.mitre.oval:def:2085 Content Disposition Parsing Cross Domain Information Disclosure Vulnerability
oval:org.mitre.oval:def:1706 Network News Transfer Protocol Memory Corruption Vulnerability
oval:org.mitre.oval:def:5886 URL Parsing Cross-Domain Information Disclosure Vulnerability
oval:org.mitre.oval:def:6734 Outlook Express and Windows Mail Integer Overflow Vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
64530 Microsoft Outlook Express / Windows Mail STAT Response Overflow
47413 Microsoft IE MHTML Protocol Handler Cross-Domain Information Disclosure
37631 Microsoft Windows Malformed NNTP Response Remote Memory Corruption
35346 Microsoft Outlook Express / Windows Mail MHTML Content Disposition Parsing Cr...
35345 Microsoft Outlook Express / Windows Mail URL Parsing Cross Domain Information...

ExploitDB Exploits

id Description
12564 Microsoft Windows Outlook Express and Windows Mail Integer Overflow

OpenVAS Exploits

id Description
2011-01-14 Name : Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosu...
File : nvt/gb_ms07-034.nasl
2011-01-14 Name : Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow...
File : nvt/gb_ms07-056.nasl
2010-05-13 Name : Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerabilit...
File : nvt/secpod_ms10-030.nasl
2008-08-19 Name : Security Update for Outlook Express (951066)
File : nvt/secpod_ms08-048_900031.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2010-B-0039 Microsoft Outlook Express and Windows Mail Remote Code Executio Vulnerability
Severity: Category II - VMSKEY: V0024168
2007-B-0011 Multiple Vulnerabilities in Microsoft Outlook Express and Windows Mail
Severity: Category II - VMSKEY: V0014354

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows Mail remote code execution attempt
RuleID : 16595 - Type : SERVER-MAIL - Revision : 16
2014-01-10 Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overfl...
RuleID : 16428 - Type : FILE-OFFICE - Revision : 11
2014-01-10 Microsoft Internet Explorer MHTML zone control bypass attempt
RuleID : 13962 - Type : BROWSER-IE - Revision : 12
2014-01-10 XHDR buffer overflow attempt
RuleID : 12636 - Type : PROTOCOL-NNTP - Revision : 6

Nessus® Vulnerability Scanner

id Description
2010-05-11 Name: An integer overflow vulnerability is present on the remote host due to an iss...
File: smb_nt_ms10-030.nasl - Type: ACT_GATHER_INFO
2008-08-13 Name: An information disclosure vulnerability is present on the remote host due to ...
File: smb_nt_ms08-048.nasl - Type: ACT_GATHER_INFO
2007-10-09 Name: Arbitrary code can be executed on the remote host through the email client.
File: smb_nt_ms07-056.nasl - Type: ACT_GATHER_INFO
2007-06-12 Name: Arbitrary code can be executed on the remote host through the email client.
File: smb_nt_ms07-034.nasl - Type: ACT_GATHER_INFO