Описание
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
Ссылки
- US Government Resource
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.49839
Средний
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
EPSS
Процентиль: 98%
0.49839
Средний
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other