Windows Mail MHTML Protocol Handler Redirect Bug Lets Remote Users Obtain Information

SecurityTracker Alert ID: 1018232

SecurityTracker URL: http://securitytracker.com/id/1018232

CVE Reference: CVE-2007-2225

Date: Jun 12 2007

Impact: Disclosure of system information, Disclosure of user information

Fix Available: Yes
Vendor Confirmed: Yes

Description:
A vulnerability was reported in Windows Mail. A remote user can obtain potentially sensitive information from a different domain in the target user's browser.
The MHTML protocol handler does not properly interpret HTTP headers when returning MHTML content.
A remote user can create HTML with a specially crafted MHTML URL that, when loaded by the target user, will allow the remote user to read information from the target user's browser in the context of a different domain.
Internet Explorer may be used as an attack vector, although the vulnerability itself resides in Windows Mail.
Microsoft credits SANS ISC with reporting this vulnerability.

Impact:
A remote user can create a URL that, when loaded by the target user, will read information from the target user's browser in the context of a different domain.

Solution:
Microsoft has issued the following fixes as part of a cumulative update for Microsoft Outlook Express and Windows Mail.
Windows XP Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=27cca556-0872-4803-b610-4c895ceb99aa
Windows XP Professional x64 Edition, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7
Windows XP Professional x64 Edition Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb-40f0-8960-b9debc8413e7
Windows Server 2003 Service Pack 1, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be
Windows Server 2003 Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c-4ab7-9283-c693d7bd82be
Windows Server 2003 x64 Edition, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3
Windows Server 2003 x64 Edition Service Pack 2, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285-45e5-84bd-71ae9da126e3
Windows Server 2003 with SP1 for Itanium-based Systems, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025
Windows Server 2003 with SP2 for Itanium-based Systems, Microsoft Outlook Express 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571-437d-a612-99175ac39025
Windows Vista, Windows Mail:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ee57de19-44ea-48f2-ae28-e76fd2018633
Windows Vista x64 Edition, Windows Mail:
http://www.microsoft.com/downloads/details.aspx?FamilyId=343db20f-7794-4423-b11d-885329fbdf78
A restart is not required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms07-034.mspx

Cause:
Access control error

Underlying OS:
Windows (Vista)

Message History:
None.

Source Message Contents

Date: Tue, 12 Jun 2007 14:20:47 -0400
Subject: Microsoft Security Bulletin MS07-034 - Critical: Cumulative Security Update for Outlook Express and Windows Mail (929123)

http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx
CVE-2006-2111
CVE-2007-1658
CVE-2007-2225
CVE-2007-2227