Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for windows_mail by microsoft

    CVE-2018-8305 (GCVE-0-2018-8305)

    Vulnerability from nvd – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1041270 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/104618 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Mail, Calendar, and People in Windows 8.1 App Store Affected: Mail, Calendar, and People in Windows 8.1 App Store
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:36.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1041270",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041270"
              },
              {
                "name": "104618",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104618"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mail, Calendar, and People in Windows 8.1 App Store",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Mail, Calendar, and People in Windows 8.1 App Store"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka \"Windows Mail Client Information Disclosure Vulnerability.\" This affects Mail, Calendar, and People in Windows 8.1 App Store."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1041270",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041270"
            },
            {
              "name": "104618",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104618"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8305",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mail, Calendar, and People in Windows 8.1 App Store",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Mail, Calendar, and People in Windows 8.1 App Store"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka \"Windows Mail Client Information Disclosure Vulnerability.\" This affects Mail, Calendar, and People in Windows 8.1 App Store."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1041270",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041270"
                },
                {
                  "name": "104618",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104618"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8305",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:36.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0816 (GCVE-0-2010-0816)

    Vulnerability from nvd – Published: 2010-05-12 01:00 – Updated: 2024-08-07 00:59
    VLAI
    Summary
    Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-05-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:59:39.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
              },
              {
                "name": "MS10-030",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
              },
              {
                "name": "TA10-131A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
              },
              {
                "name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
              },
              {
                "name": "oval:org.mitre.oval:def:6734",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
              },
              {
                "name": "40052",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40052"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka \"Outlook Express and Windows Mail Integer Overflow Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
            },
            {
              "name": "MS10-030",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
            },
            {
              "name": "TA10-131A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
            },
            {
              "name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6734",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
            },
            {
              "name": "40052",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40052"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2010-0816",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka \"Outlook Express and Windows Mail Integer Overflow Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13",
                  "refsource": "MISC",
                  "url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
                },
                {
                  "name": "MS10-030",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
                },
                {
                  "name": "TA10-131A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
                },
                {
                  "name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:6734",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
                },
                {
                  "name": "40052",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40052"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2010-0816",
        "datePublished": "2010-05-12T01:00:00.000Z",
        "dateReserved": "2010-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:59:39.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1448 (GCVE-0-2008-1448)

    Vulnerability from nvd – Published: 2008-08-13 00:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1020679 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/30585 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-225A.html third-party-advisoryx_refsource_CERT
    http://www.coresecurity.com/content/internet-expl… x_refsource_MISC
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securitytracker.com/id?1020680 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=121915960406986&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/archive/1/495458/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31415 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/2352 vdb-entryx_refsource_VUPEN
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2008-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1020679",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020679"
              },
              {
                "name": "30585",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30585"
              },
              {
                "name": "TA08-225A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
              },
              {
                "name": "MS08-048",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
              },
              {
                "name": "1020680",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020680"
              },
              {
                "name": "HPSBST02360",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "SSRT080117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
              },
              {
                "name": "31415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31415"
              },
              {
                "name": "ADV-2008-2352",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2352"
              },
              {
                "name": "oval:org.mitre.oval:def:5886",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka \"URL Parsing Cross-Domain Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1020679",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020679"
            },
            {
              "name": "30585",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30585"
            },
            {
              "name": "TA08-225A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
            },
            {
              "name": "MS08-048",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
            },
            {
              "name": "1020680",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020680"
            },
            {
              "name": "HPSBST02360",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "SSRT080117",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
            },
            {
              "name": "31415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31415"
            },
            {
              "name": "ADV-2008-2352",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2352"
            },
            {
              "name": "oval:org.mitre.oval:def:5886",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka \"URL Parsing Cross-Domain Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1020679",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020679"
                },
                {
                  "name": "30585",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30585"
                },
                {
                  "name": "TA08-225A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
                },
                {
                  "name": "http://www.coresecurity.com/content/internet-explorer-zone-elevation",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
                },
                {
                  "name": "MS08-048",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
                },
                {
                  "name": "1020680",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020680"
                },
                {
                  "name": "HPSBST02360",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "SSRT080117",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
                },
                {
                  "name": "31415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31415"
                },
                {
                  "name": "ADV-2008-2352",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2352"
                },
                {
                  "name": "oval:org.mitre.oval:def:5886",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1448",
        "datePublished": "2008-08-13T00:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3897 (GCVE-0-2007-3897)

    Vulnerability from nvd – Published: 2007-10-09 22:00 – Updated: 2024-08-07 14:37
    VLAI
    Summary
    Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1018785 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/482366/100… vendor-advisoryx_refsource_HP
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/archive/1/481983/100… mailing-listx_refsource_BUGTRAQ
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://www.vupen.com/english/advisories/2007/3436 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1018786 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/25908 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA07-282A.html third-party-advisoryx_refsource_CERT
    http://secunia.com/advisories/27112 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:37:05.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1018785",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018785"
              },
              {
                "name": "HPSBST02280",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
              },
              {
                "name": "SSRT071480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
              },
              {
                "name": "oval:org.mitre.oval:def:1706",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
              },
              {
                "name": "MS07-056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
              },
              {
                "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
              },
              {
                "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
              },
              {
                "name": "ADV-2007-3436",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3436"
              },
              {
                "name": "1018786",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018786"
              },
              {
                "name": "25908",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25908"
              },
              {
                "name": "TA07-282A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
              },
              {
                "name": "27112",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27112"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1018785",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018785"
            },
            {
              "name": "HPSBST02280",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
            },
            {
              "name": "SSRT071480",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1706",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
            },
            {
              "name": "MS07-056",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
            },
            {
              "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
            },
            {
              "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
            },
            {
              "name": "ADV-2007-3436",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3436"
            },
            {
              "name": "1018786",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018786"
            },
            {
              "name": "25908",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25908"
            },
            {
              "name": "TA07-282A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
            },
            {
              "name": "27112",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27112"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2007-3897",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1018785",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018785"
                },
                {
                  "name": "HPSBST02280",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
                },
                {
                  "name": "SSRT071480",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
                },
                {
                  "name": "oval:org.mitre.oval:def:1706",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
                },
                {
                  "name": "MS07-056",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
                },
                {
                  "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
                },
                {
                  "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
                },
                {
                  "name": "ADV-2007-3436",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3436"
                },
                {
                  "name": "1018786",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018786"
                },
                {
                  "name": "25908",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25908"
                },
                {
                  "name": "TA07-282A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
                },
                {
                  "name": "27112",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27112"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2007-3897",
        "datePublished": "2007-10-09T22:00:00.000Z",
        "dateReserved": "2007-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:37:05.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2227 (GCVE-0-2007-2227)

    Vulnerability from nvd – Published: 2007-06-12 21:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/archive/1/471947/100… vendor-advisoryx_refsource_HP
    http://openmya.hacker.jp/hasegawa/security/ms07-034.txt x_refsource_MISC
    http://www.securityfocus.com/archive/1/472002/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1018233 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1018234 vdb-entryx_refsource_SECTRACK
    http://archive.openmya.devnull.jp/2007.06/msg00060.html x_refsource_MISC
    http://www.securityfocus.com/bid/24410 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA07-163A.html third-party-advisoryx_refsource_CERT
    http://secunia.com/advisories/25639 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/35346 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/2154 vdb-entryx_refsource_VUPEN
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2007-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS07-034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
              },
              {
                "name": "SSRT071438",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
              },
              {
                "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
              },
              {
                "name": "1018233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018233"
              },
              {
                "name": "1018234",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018234"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
              },
              {
                "name": "24410",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24410"
              },
              {
                "name": "TA07-163A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
              },
              {
                "name": "25639",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25639"
              },
              {
                "name": "35346",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35346"
              },
              {
                "name": "ADV-2007-2154",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2154"
              },
              {
                "name": "oval:org.mitre.oval:def:2085",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
              },
              {
                "name": "HPSBST02231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS07-034",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "SSRT071438",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
            },
            {
              "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
            },
            {
              "name": "1018233",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018233"
            },
            {
              "name": "1018234",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018234"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
            },
            {
              "name": "24410",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24410"
            },
            {
              "name": "TA07-163A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "25639",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "35346",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35346"
            },
            {
              "name": "ADV-2007-2154",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "oval:org.mitre.oval:def:2085",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
            },
            {
              "name": "HPSBST02231",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2007-2227",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS07-034",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
                },
                {
                  "name": "SSRT071438",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
                },
                {
                  "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
                  "refsource": "MISC",
                  "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
                },
                {
                  "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
                },
                {
                  "name": "1018233",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018233"
                },
                {
                  "name": "1018234",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018234"
                },
                {
                  "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
                  "refsource": "MISC",
                  "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
                },
                {
                  "name": "24410",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24410"
                },
                {
                  "name": "TA07-163A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
                },
                {
                  "name": "25639",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25639"
                },
                {
                  "name": "35346",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35346"
                },
                {
                  "name": "ADV-2007-2154",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2154"
                },
                {
                  "name": "oval:org.mitre.oval:def:2085",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
                },
                {
                  "name": "HPSBST02231",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2007-2227",
        "datePublished": "2007-06-12T21:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2225 (GCVE-0-2007-2225)

    Vulnerability from nvd – Published: 2007-06-12 20:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securitytracker.com/id?1018232 vdb-entryx_refsource_SECTRACK
    http://www.kb.cert.org/vuls/id/682825 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/471947/100… vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/24392 vdb-entryx_refsource_BID
    http://openmya.hacker.jp/hasegawa/security/ms07-034.txt x_refsource_MISC
    http://www.securityfocus.com/archive/1/472002/100… mailing-listx_refsource_BUGTRAQ
    http://archive.openmya.devnull.jp/2007.06/msg00060.html x_refsource_MISC
    http://osvdb.org/35345 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1018231 vdb-entryx_refsource_SECTRACK
    http://www.us-cert.gov/cas/techalerts/TA07-163A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/25639 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/2154 vdb-entryx_refsource_VUPEN
    Date Public
    2007-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS07-034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
              },
              {
                "name": "1018232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018232"
              },
              {
                "name": "VU#682825",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/682825"
              },
              {
                "name": "SSRT071438",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
              },
              {
                "name": "24392",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24392"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
              },
              {
                "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
              },
              {
                "name": "35345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35345"
              },
              {
                "name": "1018231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018231"
              },
              {
                "name": "TA07-163A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:2045",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
              },
              {
                "name": "25639",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25639"
              },
              {
                "name": "ADV-2007-2154",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2154"
              },
              {
                "name": "HPSBST02231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS07-034",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "1018232",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018232"
            },
            {
              "name": "VU#682825",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/682825"
            },
            {
              "name": "SSRT071438",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "24392",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24392"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
            },
            {
              "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
            },
            {
              "name": "35345",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35345"
            },
            {
              "name": "1018231",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018231"
            },
            {
              "name": "TA07-163A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:2045",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
            },
            {
              "name": "25639",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "ADV-2007-2154",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "HPSBST02231",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2007-2225",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS07-034",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
                },
                {
                  "name": "1018232",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018232"
                },
                {
                  "name": "VU#682825",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/682825"
                },
                {
                  "name": "SSRT071438",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
                },
                {
                  "name": "24392",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24392"
                },
                {
                  "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
                  "refsource": "MISC",
                  "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
                },
                {
                  "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
                },
                {
                  "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
                  "refsource": "MISC",
                  "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
                },
                {
                  "name": "35345",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35345"
                },
                {
                  "name": "1018231",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018231"
                },
                {
                  "name": "TA07-163A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:2045",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
                },
                {
                  "name": "25639",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25639"
                },
                {
                  "name": "ADV-2007-2154",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2154"
                },
                {
                  "name": "HPSBST02231",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2007-2225",
        "datePublished": "2007-06-12T20:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8305 (GCVE-0-2018-8305)

    Vulnerability from cvelistv5 – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1041270 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/104618 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Mail, Calendar, and People in Windows 8.1 App Store Affected: Mail, Calendar, and People in Windows 8.1 App Store
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:36.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1041270",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041270"
              },
              {
                "name": "104618",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104618"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mail, Calendar, and People in Windows 8.1 App Store",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Mail, Calendar, and People in Windows 8.1 App Store"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka \"Windows Mail Client Information Disclosure Vulnerability.\" This affects Mail, Calendar, and People in Windows 8.1 App Store."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1041270",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041270"
            },
            {
              "name": "104618",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104618"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8305",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mail, Calendar, and People in Windows 8.1 App Store",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Mail, Calendar, and People in Windows 8.1 App Store"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka \"Windows Mail Client Information Disclosure Vulnerability.\" This affects Mail, Calendar, and People in Windows 8.1 App Store."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1041270",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041270"
                },
                {
                  "name": "104618",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104618"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8305",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:36.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0816 (GCVE-0-2010-0816)

    Vulnerability from cvelistv5 – Published: 2010-05-12 01:00 – Updated: 2024-08-07 00:59
    VLAI
    Summary
    Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-05-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:59:39.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
              },
              {
                "name": "MS10-030",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
              },
              {
                "name": "TA10-131A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
              },
              {
                "name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
              },
              {
                "name": "oval:org.mitre.oval:def:6734",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
              },
              {
                "name": "40052",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40052"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-05-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka \"Outlook Express and Windows Mail Integer Overflow Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
            },
            {
              "name": "MS10-030",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
            },
            {
              "name": "TA10-131A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
            },
            {
              "name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6734",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
            },
            {
              "name": "40052",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40052"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2010-0816",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka \"Outlook Express and Windows Mail Integer Overflow Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13",
                  "refsource": "MISC",
                  "url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=13\u0026Itemid=13"
                },
                {
                  "name": "MS10-030",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-030"
                },
                {
                  "name": "TA10-131A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA10-131A.html"
                },
                {
                  "name": "20100511 {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0068.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:6734",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6734"
                },
                {
                  "name": "40052",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40052"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2010-0816",
        "datePublished": "2010-05-12T01:00:00.000Z",
        "dateReserved": "2010-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:59:39.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1448 (GCVE-0-2008-1448)

    Vulnerability from cvelistv5 – Published: 2008-08-13 00:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1020679 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/30585 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA08-225A.html third-party-advisoryx_refsource_CERT
    http://www.coresecurity.com/content/internet-expl… x_refsource_MISC
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securitytracker.com/id?1020680 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=121915960406986&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/archive/1/495458/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/31415 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/2352 vdb-entryx_refsource_VUPEN
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2008-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:41.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1020679",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020679"
              },
              {
                "name": "30585",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30585"
              },
              {
                "name": "TA08-225A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
              },
              {
                "name": "MS08-048",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
              },
              {
                "name": "1020680",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020680"
              },
              {
                "name": "HPSBST02360",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "SSRT080117",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
              },
              {
                "name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
              },
              {
                "name": "31415",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31415"
              },
              {
                "name": "ADV-2008-2352",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2352"
              },
              {
                "name": "oval:org.mitre.oval:def:5886",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka \"URL Parsing Cross-Domain Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1020679",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020679"
            },
            {
              "name": "30585",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30585"
            },
            {
              "name": "TA08-225A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
            },
            {
              "name": "MS08-048",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
            },
            {
              "name": "1020680",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020680"
            },
            {
              "name": "HPSBST02360",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "SSRT080117",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
            },
            {
              "name": "31415",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31415"
            },
            {
              "name": "ADV-2008-2352",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2352"
            },
            {
              "name": "oval:org.mitre.oval:def:5886",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2008-1448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka \"URL Parsing Cross-Domain Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1020679",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020679"
                },
                {
                  "name": "30585",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30585"
                },
                {
                  "name": "TA08-225A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
                },
                {
                  "name": "http://www.coresecurity.com/content/internet-explorer-zone-elevation",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/content/internet-explorer-zone-elevation"
                },
                {
                  "name": "MS08-048",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048"
                },
                {
                  "name": "1020680",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020680"
                },
                {
                  "name": "HPSBST02360",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "SSRT080117",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
                },
                {
                  "name": "20080813 CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495458/100/0/threaded"
                },
                {
                  "name": "31415",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31415"
                },
                {
                  "name": "ADV-2008-2352",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2352"
                },
                {
                  "name": "oval:org.mitre.oval:def:5886",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2008-1448",
        "datePublished": "2008-08-13T00:00:00.000Z",
        "dateReserved": "2008-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:41.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3897 (GCVE-0-2007-3897)

    Vulnerability from cvelistv5 – Published: 2007-10-09 22:00 – Updated: 2024-08-07 14:37
    VLAI
    Summary
    Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1018785 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/482366/100… vendor-advisoryx_refsource_HP
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/archive/1/481983/100… mailing-listx_refsource_BUGTRAQ
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://www.vupen.com/english/advisories/2007/3436 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1018786 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/25908 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA07-282A.html third-party-advisoryx_refsource_CERT
    http://secunia.com/advisories/27112 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:37:05.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1018785",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018785"
              },
              {
                "name": "HPSBST02280",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
              },
              {
                "name": "SSRT071480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
              },
              {
                "name": "oval:org.mitre.oval:def:1706",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
              },
              {
                "name": "MS07-056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
              },
              {
                "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
              },
              {
                "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
              },
              {
                "name": "ADV-2007-3436",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3436"
              },
              {
                "name": "1018786",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018786"
              },
              {
                "name": "25908",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25908"
              },
              {
                "name": "TA07-282A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
              },
              {
                "name": "27112",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27112"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1018785",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018785"
            },
            {
              "name": "HPSBST02280",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
            },
            {
              "name": "SSRT071480",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1706",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
            },
            {
              "name": "MS07-056",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
            },
            {
              "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
            },
            {
              "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
            },
            {
              "name": "ADV-2007-3436",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3436"
            },
            {
              "name": "1018786",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018786"
            },
            {
              "name": "25908",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25908"
            },
            {
              "name": "TA07-282A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
            },
            {
              "name": "27112",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27112"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2007-3897",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1018785",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018785"
                },
                {
                  "name": "HPSBST02280",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
                },
                {
                  "name": "SSRT071480",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
                },
                {
                  "name": "oval:org.mitre.oval:def:1706",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
                },
                {
                  "name": "MS07-056",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
                },
                {
                  "name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
                },
                {
                  "name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
                },
                {
                  "name": "ADV-2007-3436",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3436"
                },
                {
                  "name": "1018786",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018786"
                },
                {
                  "name": "25908",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25908"
                },
                {
                  "name": "TA07-282A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
                },
                {
                  "name": "27112",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27112"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2007-3897",
        "datePublished": "2007-10-09T22:00:00.000Z",
        "dateReserved": "2007-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:37:05.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2227 (GCVE-0-2007-2227)

    Vulnerability from cvelistv5 – Published: 2007-06-12 21:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securityfocus.com/archive/1/471947/100… vendor-advisoryx_refsource_HP
    http://openmya.hacker.jp/hasegawa/security/ms07-034.txt x_refsource_MISC
    http://www.securityfocus.com/archive/1/472002/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1018233 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1018234 vdb-entryx_refsource_SECTRACK
    http://archive.openmya.devnull.jp/2007.06/msg00060.html x_refsource_MISC
    http://www.securityfocus.com/bid/24410 vdb-entryx_refsource_BID
    http://www.us-cert.gov/cas/techalerts/TA07-163A.html third-party-advisoryx_refsource_CERT
    http://secunia.com/advisories/25639 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/35346 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/2154 vdb-entryx_refsource_VUPEN
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2007-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS07-034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
              },
              {
                "name": "SSRT071438",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
              },
              {
                "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
              },
              {
                "name": "1018233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018233"
              },
              {
                "name": "1018234",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018234"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
              },
              {
                "name": "24410",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24410"
              },
              {
                "name": "TA07-163A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
              },
              {
                "name": "25639",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25639"
              },
              {
                "name": "35346",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35346"
              },
              {
                "name": "ADV-2007-2154",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2154"
              },
              {
                "name": "oval:org.mitre.oval:def:2085",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
              },
              {
                "name": "HPSBST02231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS07-034",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "SSRT071438",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
            },
            {
              "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
            },
            {
              "name": "1018233",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018233"
            },
            {
              "name": "1018234",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018234"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
            },
            {
              "name": "24410",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24410"
            },
            {
              "name": "TA07-163A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "25639",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "35346",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35346"
            },
            {
              "name": "ADV-2007-2154",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "oval:org.mitre.oval:def:2085",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
            },
            {
              "name": "HPSBST02231",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2007-2227",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS07-034",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
                },
                {
                  "name": "SSRT071438",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
                },
                {
                  "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
                  "refsource": "MISC",
                  "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
                },
                {
                  "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
                },
                {
                  "name": "1018233",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018233"
                },
                {
                  "name": "1018234",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018234"
                },
                {
                  "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
                  "refsource": "MISC",
                  "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
                },
                {
                  "name": "24410",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24410"
                },
                {
                  "name": "TA07-163A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
                },
                {
                  "name": "25639",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25639"
                },
                {
                  "name": "35346",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35346"
                },
                {
                  "name": "ADV-2007-2154",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2154"
                },
                {
                  "name": "oval:org.mitre.oval:def:2085",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
                },
                {
                  "name": "HPSBST02231",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2007-2227",
        "datePublished": "2007-06-12T21:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2225 (GCVE-0-2007-2225)

    Vulnerability from cvelistv5 – Published: 2007-06-12 20:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.securitytracker.com/id?1018232 vdb-entryx_refsource_SECTRACK
    http://www.kb.cert.org/vuls/id/682825 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/archive/1/471947/100… vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/24392 vdb-entryx_refsource_BID
    http://openmya.hacker.jp/hasegawa/security/ms07-034.txt x_refsource_MISC
    http://www.securityfocus.com/archive/1/472002/100… mailing-listx_refsource_BUGTRAQ
    http://archive.openmya.devnull.jp/2007.06/msg00060.html x_refsource_MISC
    http://osvdb.org/35345 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1018231 vdb-entryx_refsource_SECTRACK
    http://www.us-cert.gov/cas/techalerts/TA07-163A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/25639 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/2154 vdb-entryx_refsource_VUPEN
    Date Public
    2007-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MS07-034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
              },
              {
                "name": "1018232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018232"
              },
              {
                "name": "VU#682825",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/682825"
              },
              {
                "name": "SSRT071438",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
              },
              {
                "name": "24392",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24392"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
              },
              {
                "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
              },
              {
                "name": "35345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35345"
              },
              {
                "name": "1018231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018231"
              },
              {
                "name": "TA07-163A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:2045",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
              },
              {
                "name": "25639",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25639"
              },
              {
                "name": "ADV-2007-2154",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2154"
              },
              {
                "name": "HPSBST02231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "MS07-034",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
            },
            {
              "name": "1018232",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018232"
            },
            {
              "name": "VU#682825",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/682825"
            },
            {
              "name": "SSRT071438",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "24392",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24392"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
            },
            {
              "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
            },
            {
              "name": "35345",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35345"
            },
            {
              "name": "1018231",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018231"
            },
            {
              "name": "TA07-163A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:2045",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
            },
            {
              "name": "25639",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25639"
            },
            {
              "name": "ADV-2007-2154",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2154"
            },
            {
              "name": "HPSBST02231",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2007-2225",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"URL Parsing Cross Domain Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MS07-034",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
                },
                {
                  "name": "1018232",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018232"
                },
                {
                  "name": "VU#682825",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/682825"
                },
                {
                  "name": "SSRT071438",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
                },
                {
                  "name": "24392",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24392"
                },
                {
                  "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
                  "refsource": "MISC",
                  "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
                },
                {
                  "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
                },
                {
                  "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
                  "refsource": "MISC",
                  "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
                },
                {
                  "name": "35345",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35345"
                },
                {
                  "name": "1018231",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018231"
                },
                {
                  "name": "TA07-163A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:2045",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045"
                },
                {
                  "name": "25639",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25639"
                },
                {
                  "name": "ADV-2007-2154",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2154"
                },
                {
                  "name": "HPSBST02231",
                  "refsource": "HP",
                  "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2007-2225",
        "datePublished": "2007-06-12T20:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }