Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2008-1448 | First vendor Publication | 2008-08-12 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1448 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5886 | |||
Oval ID: | oval:org.mitre.oval:def:5886 | ||
Title: | URL Parsing Cross-Domain Information Disclosure Vulnerability | ||
Description: | The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1448 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook Express Microsoft Mail |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-08-19 | Name : Security Update for Outlook Express (951066) File : nvt/secpod_ms08-048_900031.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47413 | Microsoft IE MHTML Protocol Handler Cross-Domain Information Disclosure |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer MHTML zone control bypass attempt RuleID : 13962 - Revision : 12 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-08-13 | Name : An information disclosure vulnerability is present on the remote host due to ... File : smb_nt_ms08-048.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:07:19 |
|
2021-04-22 01:07:43 |
|
2020-05-23 00:21:29 |
|
2018-10-13 00:22:40 |
|
2018-10-12 00:20:17 |
|
2017-09-29 09:23:28 |
|
2016-04-26 17:14:58 |
|
2014-02-17 10:44:22 |
|
2014-01-19 21:24:54 |
|
2013-05-11 00:13:18 |
|