CVE-2007-2225 Information

Description

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs which allows remote attackers to obtain sensitive information from other Internet Explorer domains aka \URL Parsing Cross Domain Information Disclosure Vulnerability.\

Reference

http://archive.openmya.devnull.jp/2007.06/msg00060.html http://openmya.hacker.jp/hasegawa/security/ms07-034.txt http://osvdb.org/35345 http://secunia.com/advisories/25639 http://www.kb.cert.org/vuls/id/682825 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/archive/1/472002/100/0/threaded http://www.securityfocus.com/bid/24392 http://www.securitytracker.com/id?1018231 http://www.securitytracker.com/id?1018232 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http://www.vupen.com/english/advisories/2007/2154 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A2045