CVE-2007-2225

CVE	CVE-2007-2225
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-06-12 20:30:00 UTC
Updated	2018-10-16 16:42:00 UTC
Description	A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

Problem Types: NVD-CWE-Other

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	Outlook Express	6.0	All	All	All
Application	Microsoft	Outlook Express	6.0	All	All	All
Operating System	Microsoft	Windows 2003 Server	All	All	x64	All
Operating System	Microsoft	Windows 2003 Server	All	sp2	x64	All
Operating System	Microsoft	Windows 2003 Server	sp1	All	All	All
Operating System	Microsoft	Windows 2003 Server	sp1	All	itanium	All
Operating System	Microsoft	Windows 2003 Server	sp2	All	itanium	All
Operating System	Microsoft	Windows 2003 Server	All	All	x64	All
Operating System	Microsoft	Windows 2003 Server	All	sp2	x64	All
Operating System	Microsoft	Windows 2003 Server	sp1	All	All	All
Operating System	Microsoft	Windows 2003 Server	sp1	All	itanium	All
Operating System	Microsoft	Windows 2003 Server	sp2	All	itanium	All
Application	Microsoft	Windows Mail	All	All	All	All
Application	Microsoft	Windows Mail	All	All	All	All
Operating System	Microsoft	Windows Vista	All	gold	All	All
Operating System	Microsoft	Windows Vista	All	gold	x64	All
Operating System	Microsoft	Windows Vista	All	gold	All	All
Operating System	Microsoft	Windows Vista	All	gold	x64	All
Operating System	Microsoft	Windows Xp	All	All	professional_x64	All
Operating System	Microsoft	Windows Xp	All	sp2	All	All
Operating System	Microsoft	Windows Xp	All	sp2	professional_x64	All
Operating System	Microsoft	Windows Xp	All	All	professional_x64	All
Operating System	Microsoft	Windows Xp	All	sp2	All	All
Operating System	Microsoft	Windows Xp	All	sp2	professional_x64	All

Reference	Source	Link	Tags
401 Authorization Required	MISC	archive.openmya.devnull.jp
Microsoft Security Bulletin MS07-034 - Critical \| Microsoft Docs	MS	docs.microsoft.com
Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability	BID	www.securityfocus.com
openmya.hacker.jp/hasegawa/security/ms07-034.txt	MISC	openmya.hacker.jp
35345	OSVDB	osvdb.org
Microsoft Outlook Express and Windows Mail Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
US-CERT Vulnerability Note VU#682825	CERT-VN	www.kb.cert.org	US Government Resource
SecurityFocus	HP	www.securityfocus.com
SecurityTracker.com Archives - Outlook Express MHTML Protocol Handler Redirect Bug Lets Remote Users Obtain Information	SECTRACK	www.securitytracker.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
US-CERT Technical Cyber Security Alert TA07-163A -- Microsoft Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
Windows Mail MHTML Protocol Handler Redirect Bug Lets Remote Users Obtain Information - SecurityTracker	SECTRACK	www.securitytracker.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.