Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2007-2225 | First vendor Publication | 2007-06-12 |
Vendor | Cve | Last vendor Modification | 2018-10-16 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2225 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2045 | |||
Oval ID: | oval:org.mitre.oval:def:2045 | ||
Title: | URL Parsing Cross Domain Information Disclosure Vulnerability | ||
Description: | A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-2225 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Outlook Express |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-14 | Name : Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosu... File : nvt/gb_ms07-034.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35345 | Microsoft Outlook Express / Windows Mail URL Parsing Cross Domain Information... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-06-14 | IAVM : 2007-B-0011 - Multiple Vulnerabilities in Microsoft Outlook Express and Windows Mail Severity : Category II - VMSKEY : V0014354 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Microsoft Windows Mail file execution attempt RuleID : 31650 - Revision : 2 - Type : SERVER-MAIL |
2014-01-10 | Microsoft Windows Vista Windows mail file execution attempt RuleID : 16023 - Revision : 6 - Type : FILE-EXECUTABLE |
2014-01-10 | Microsoft Windows Vista Windows mail file execution attempt RuleID : 16022 - Revision : 14 - Type : FILE-EXECUTABLE |
2014-01-10 | Microsoft Windows Mail file execution attempt RuleID : 11837 - Revision : 13 - Type : SERVER-MAIL |
2014-01-10 | Microsoft Direct Speech Recognition ActiveX function call unicode access RuleID : 11833 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Direct Speech Recognition ActiveX function call access RuleID : 11832 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Direct Speech Recognition ActiveX clsid unicode access RuleID : 11831 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Direct Speech Recognition ActiveX clsid access attempt RuleID : 11830 - Revision : 17 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Voice Control ActiveX function call unicode access RuleID : 11829 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Voice Control ActiveX function call access RuleID : 11828 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Voice Control ActiveX clsid unicode access RuleID : 11827 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Voice Control Recognition ActiveX clsid access attempt RuleID : 11826 - Revision : 17 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-06-12 | Name : Arbitrary code can be executed on the remote host through the email client. File : smb_nt_ms07-034.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2020-05-23 00:19:38 |
|
2019-03-19 12:02:25 |
|
2018-10-16 21:19:55 |
|
2018-10-13 00:22:37 |
|
2017-10-11 09:23:56 |
|
2016-06-28 16:24:17 |
|
2016-04-26 16:02:22 |
|
2014-02-17 10:39:55 |
|
2013-11-11 12:37:43 |
|
2013-05-11 10:23:53 |
|
2012-11-07 00:14:40 |
|