oval:org.mitre.oval:def:1010

Definition Id: oval:org.mitre.oval:def:1010

Oval ID:	oval:org.mitre.oval:def:1010
Title:	Microsoft Outlook Express v6.0,SP1 MHTML URL Processing Vulnerability
Description:	The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0380	Version:	1
Platform(s):	Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Outlook Express
Definition Synopsis:
Microsoft Outlook Express 6 SP1 is installed AND the version of inetcomm.dll is less than 6.00.2800.1409 AND NOT the patch kb837009 is installed (installed components key)