Windows Mail MHTML Protocol Handler Redirect Bug Lets Remote Users Obtain Information
SecurityTracker Alert ID: 1018232
SecurityTracker URL: http://securitytracker.com/id?1018232
CVE Reference: CVE-2007-2225
Date: Jun 12 2007
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Microsoft Security Bulletin
Description: A vulnerability was reported in Windows Mail. A remote user can obtain potentially sensitive information from a different domain in the target user's browser.
The MHTML protocol handler does not properly interpret HTTP headers when returning MHTML content. A remote user can create HTML with a specially crafted MHTML URL that, when loaded by the target user, will allow the remote user to read information from the target user's browser in the context of a different domain. Internet Explorer may be used as an attack vector, although the vulnerability itself resides in Windows Mail.
Microsoft credits SANS ISC with reporting this vulnerability.
Impact: A remote user can create a URL that, when loaded by the target user, will read information from the target user's browser in the context of a different domain.
Solution: Microsoft has issued the following fixes as part of a cumulative update for Microsoft Outlook and Windows Mail.
Windows XP Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=27cca556-0872-4803-b610-4c895ceb99aa
Windows XP Professional x64 Edition, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7
Windows XP Professional x64 Edition Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7
Windows Server 2003 Service Pack 1, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be
Windows Server 2003 Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be
Windows Server 2003 x64 Edition, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3
Windows Server 2003 x64 Edition Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3
Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025
Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025
Windows Vista, Windows Mail:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ee57de19-44ea-48f2-ae28-e76fd2018633
Windows Vista x64 Edition, Windows Mail:
http://www.microsoft.com/downloads/details.aspx?FamilyId=343db20f-7794-4423-b11d-885329fbdf78
A restart is not required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms07-034.mspx
Cause: Access control error
Underlying OS: Windows (Vista)
Message History:
None.
Source Message Contents
Date: Tue, 12 Jun 2007 14:20:47 -0400
Subject: Microsoft Security Bulletin MS07-034 - Critical: Cumulative Security Update for Outlook Express and Windows Mail (929123)
http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx
CVE-2006-2111
CVE-2007-1658
CVE-2007-2225
CVE-2007-2227