OSVDB ID: 35346

Title: Microsoft Outlook Express / Windows Mail MHTML Content Disposition Parsing Cross Domain Information Disclosure

Info

Disclosure

Jun 12, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 12, 2007

Description

Classification

Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Patch / RCS
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

Security Tracker: 1018233 1018234
CVE ID: 2007-2227 (see also: NVD)
Bugtraq ID: 24410
Secunia Advisory ID: 25639
SCIP VulDB ID: 3127
Related OSVDB ID: 35345
Microsoft Knowledge Base Article: 929123
VUPEN Advisory: ADV-2007-2154
Other Advisory URL: http://archive.openmya.devnull.jp/2007.06/msg00060.html
http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0275.html
http://archives.neohapsis.com/archives/bugtraq/2007-06/0280.html
News Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199902337
Microsoft Security Bulletin: MS07-034
US-CERT Cyber Security Alert: TA07-163A

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/35346