SecurityTracker.com
SecurityTracker
Archives
Category:   Application (E-mail Client)  >   Windows Mail
Vendors:   Microsoft
Windows Mail MHTML Protocol Handler Content-Disposition Bug Lets Remote Users Obtain Information
SecurityTracker Alert ID:  1018234
SecurityTracker URL:  http://securitytracker.com/id/1018234
CVE Reference:   CVE-2007-2227
Date:  Jun 12 2007
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Windows Mail. A remote user can obtain potentially sensitive information from a different domain in the target user's browser.

The MHTML protocol handler does not properly interpret Content-Disposition notifications sent back to Internet Explorer.

A remote user can create specially crafted HTML that, when loaded by the target user, will bypass the file download dialog box in Internet Explorer and read information from the target user's browser in the context of a different domain.

Internet Explorer may be used as an attack vector, although the vulnerability itself resides in Windows Mail.
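The defect described above is a protocol handler that rendered server content inline even though the Content-Disposition header marked it for download, so a page from one domain could read it in another domain's context. The following added example (not part of this advisory or of Microsoft's code) shows the decision a handler should make: parse the header with the standard library's quote-aware parser and send anything that is not plainly "inline" to the download path. The header samples are constructed for illustration.

```python
"""Interpret Content-Disposition the way a protocol handler should."""
from email.message import Message
from typing import Mapping, Optional, Tuple


def parse_disposition(value: str) -> Tuple[str, Optional[str]]:
    """Return (disposition-type, filename) for one header value.

    email.message.Message is used only as the stdlib parser for the
    parameterised header syntax: it is quote-aware (a ';' inside a quoted
    filename is not a separator) and decodes RFC 2231/5987 filename*.
    An empty header value is treated as "inline".
    """
    msg = Message()
    msg["Content-Disposition"] = value
    kind = msg.get_content_disposition()  # lower-cased type, or None/"" if empty
    return (kind or "inline", msg.get_filename())


def must_download(headers: Mapping[str, str]) -> bool:
    """True when the response must go to the save/open dialog, never the renderer.

    Header names are matched case-insensitively. A missing header means the
    content may render inline. Any disposition type other than "inline",
    including unknown tokens, is handled as "attachment" (RFC 6266, section 4.2),
    which is the behaviour the vulnerable handler failed to enforce.
    """
    for name, value in headers.items():
        if name.lower() == "content-disposition":
            kind, _ = parse_disposition(value)
            return kind != "inline"
    return False


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    samples = [
        {"Content-Type": "text/html"},
        {"Content-Type": "text/html", "Content-Disposition": "inline"},
        {"Content-Disposition": 'attachment; filename="report.html"'},
        {"content-disposition": 'ATTACHMENT; filename="a;b.html"'},
        {"Content-Disposition": "x-unknown; filename=note.html"},
    ]
    for hdrs in samples:
        action = "download dialog" if must_download(hdrs) else "render inline"
        print(f"{hdrs.get('Content-Disposition', hdrs.get('content-disposition'))!r:45} -> {action}")
```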

Microsoft credits Yosuke Hasegawa of WebAppSec.JP with reporting this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will read information from the target user's browser in the context of a different domain.
Solution:   Microsoft has issued the following fixes as part of a cumulative update for Microsoft Outlook and Windows Mail.

Windows XP Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=27cca556-0872-4803-b610-4c895ceb99aa

Windows XP Professional x64 Edition, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7

Windows XP Professional x64 Edition Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7

Windows Server 2003 Service Pack 1, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be

Windows Server 2003 Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be

Windows Server 2003 x64 Edition, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3

Windows Server 2003 x64 Edition Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3

Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025

Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025

Windows Vista, Windows Mail:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ee57de19-44ea-48f2-ae28-e76fd2018633

Windows Vista x64 Edition, Windows Mail:
http://www.microsoft.com/downloads/details.aspx?FamilyId=343db20f-7794-4423-b11d-885329fbdf78

A restart is not required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms07-034.mspx
Cause:   Access control error
Underlying OS:  Windows (Vista)

Message History:   None.


Source Message Contents

[Original Message Not Available for Viewing]

Copyright 2021, SecurityGlobal.net LLC