Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
BID:24410
Info
Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
| Bugtraq ID: | 24410 |
| Class: | Origin Validation Error |
| CVE: |
CVE-2007-2227 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 12 2007 12:00AM |
| Updated: | Jun 14 2007 04:09PM |
| Credit: | Yosuke Hasegawa of WASC is credited with the discovery of this vulnerability. |
| Vulnerable: |
Microsoft Windows Mail 0 Microsoft Outlook Express 6.0 SP2 Microsoft Outlook Express 6.0 SP1 Microsoft Outlook Express 6.0 |
| Not Vulnerable: | |
Discussion
Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
Outlook Express is prone to a cross-domain information-disclosure vulnerability.
This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive information (such as cookies or passwords) that is associated with the external domain.
Outlook Express is prone to a cross-domain information-disclosure vulnerability.
This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive information (such as cookies or passwords) that is associated with the external domain.
Exploit / POC
Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into visiting a malicious page or viewing a malicious HTML email.
To exploit this issue, an attacker must entice an unsuspecting victim into visiting a malicious page or viewing a malicious HTML email.
Solution / Fix
Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
Solution:
The vendor has released an advisory to address this issue in supported applications. Please see the referenced advisory for details on obtaining the appropriate updates.
Microsoft Windows Mail 0
Microsoft Outlook Express 6.0 SP2
Solution:
The vendor has released an advisory to address this issue in supported applications. Please see the referenced advisory for details on obtaining the appropriate updates.
Microsoft Windows Mail 0
-
Microsoft Cumulative Security Update for Outlook Express for Windows Vista (KB929123)
Windows Vista
http://www.microsoft.com/downloads/details.aspx?FamilyId=ee57de19-44ea -48f2-ae28-e76fd2018633&displaylang=en -
Microsoft Cumulative Security Update for Outlook Express for Windows Vista for x64-based Systems (KB929123)
Windows Vista x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=343db20f-7794 -4423-b11d-885329fbdf78&displaylang=en
Microsoft Outlook Express 6.0 SP2
-
Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 (KB929123)
Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c -4ab7-9283-c693d7bd82be&displaylang=en -
Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 (KB929123)
Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c -4ab7-9283-c693d7bd82be&displaylang=en -
Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 for Itanium-based Systems (KB
Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571 -437d-a612-99175ac39025&displaylang=en -
Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 for Itanium-based Systems (KB
Windows Server 2003 with SP2 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571 -437d-a612-99175ac39025&displaylang=en -
Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 x64 Edition (KB929123)
Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285 -45e5-84bd-71ae9da126e3&displaylang=en -
Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 x64 Edition (KB929123)
Windows Server 2003 x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285 -45e5-84bd-71ae9da126e3&displaylang=en -
Microsoft Cumulative Security Update for Outlook Express for Windows XP (KB929123)
Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=27cca556-0872 -4803-b610-4c895ceb99aa&displaylang=en -
Microsoft Cumulative Security Update for Outlook Express for Windows XP x64 Edition (KB929123)
Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb -40f0-8960-b9debc8413e7&displaylang=en -
Microsoft Cumulative Security Update for Outlook Express for Windows XP x64 Edition (KB929123)
Windows XP Professional x64 Edition Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb -40f0-8960-b9debc8413e7&displaylang=en
References
Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
References:
References:
- Outlook Express Homepage (Microsoft)
- Windows Mail Product Page (Microsoft Corporation)
- Microsoft Homepage (Microsoft)
- Microsoft Security Bulletin MS07-034 - Critical (Microsoft)