CVE-2007-2225
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/06/2007
Last modified:
09/04/2025
Description
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archive.openmya.devnull.jp/2007.06/msg00060.html
- http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
- http://osvdb.org/35345
- http://secunia.com/advisories/25639
- http://www.kb.cert.org/vuls/id/682825
- http://www.securityfocus.com/archive/1/471947/100/0/threaded
- http://www.securityfocus.com/archive/1/471947/100/0/threaded
- http://www.securityfocus.com/archive/1/472002/100/0/threaded
- http://www.securityfocus.com/bid/24392
- http://www.securitytracker.com/id?1018231=
- http://www.securitytracker.com/id?1018232=
- http://www.us-cert.gov/cas/techalerts/TA07-163A.html
- http://www.vupen.com/english/advisories/2007/2154
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045
- http://archive.openmya.devnull.jp/2007.06/msg00060.html
- http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
- http://osvdb.org/35345
- http://secunia.com/advisories/25639
- http://www.kb.cert.org/vuls/id/682825
- http://www.securityfocus.com/archive/1/471947/100/0/threaded
- http://www.securityfocus.com/archive/1/471947/100/0/threaded
- http://www.securityfocus.com/archive/1/472002/100/0/threaded
- http://www.securityfocus.com/bid/24392
- http://www.securitytracker.com/id?1018231=
- http://www.securitytracker.com/id?1018232=
- http://www.us-cert.gov/cas/techalerts/TA07-163A.html
- http://www.vupen.com/english/advisories/2007/2154
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045