CVE-2007-2225
Summary
| CVE | CVE-2007-2225 |
|---|---|
| State | PUBLISHED |
| Assigner | microsoft |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-06-12 20:30:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." |
Risk And Classification
Primary CVSS: v2.0 4.3 from [email protected]
AV:N/AC:M/Au:N/C:P/I:N/A:N
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
| Access Vector | Network |
|---|---|
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | None |
| Availability | None |

AV:N/AC:M/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Outlook Express | 6.0 | All | All | All |
| Operating System | Microsoft | Windows 2003 Server | All | All | x64 | All |
| Operating System | Microsoft | Windows 2003 Server | All | sp2 | x64 | All |
| Operating System | Microsoft | Windows 2003 Server | sp1 | All | All | All |
| Operating System | Microsoft | Windows 2003 Server | sp1 | All | itanium | All |
| Operating System | Microsoft | Windows 2003 Server | sp2 | All | itanium | All |
| Application | Microsoft | Windows Mail | All | All | All | All |
| Operating System | Microsoft | Windows Vista | All | gold | All | All |
| Operating System | Microsoft | Windows Vista | All | gold | x64 | All |
| Operating System | Microsoft | Windows Xp | All | All | professional_x64 | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | All | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | professional_x64 | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Windows Mail MHTML Protocol Handler Redirect Bug Lets Remote Users Obtain Information - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| 401 Authorization Required | af854a3a-2127-422b-91ae-364da2661108 | archive.openmya.devnull.jp | |
| US-CERT Vulnerability Note VU#682825 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | US Government Resource |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| SecurityTracker.com Archives - Outlook Express MHTML Protocol Handler Redirect Bug Lets Remote Users Obtain Information | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Microsoft Security Bulletin MS07-034 - Critical \| Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| openmya.hacker.jp/hasegawa/security/ms07-034.txt | af854a3a-2127-422b-91ae-364da2661108 | openmya.hacker.jp | |
| Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| osvdb.org/35345 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| US-CERT Technical Cyber Security Alert TA07-163A -- Microsoft Updates for Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | US Government Resource |
| Microsoft Outlook Express and Windows Mail Multiple Vulnerabilities - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.