Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 13/08/2008 Updated: 12/10/2018

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote malicious users to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft outlook express 5.5
microsoft windows mail
microsoft outlook express 6.0

CWE-264 http://www.securityfocus.com/bid/30585 http://www.securitytracker.com/id?1020679 http://www.securitytracker.com/id?1020680 http://secunia.com/advisories/31415 http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://www.coresecurity.com/content/internet-explorer-zone-elevation http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2352 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886 http://www.securityfocus.com/archive/1/495458/100/0/threaded https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1448

Vulnerability Summary

References

Vulmon Search

About

Products

Connect