Lucene search

K
cveMicrosoftCVE-2007-2227
HistoryJun 12, 2007 - 9:30 p.m.

CVE-2007-2227

2007-06-1221:30:00
microsoft
web.nvd.nist.gov
30
cve-2007-2227
mhtml
microsoft
outlook express
windows mail
windows vista
content-disposition
cross domain
information disclosure
vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

0.084

Percentile

94.5%

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition โ€œnotifications,โ€ which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka โ€œContent Disposition Parsing Cross Domain Information Disclosure Vulnerability.โ€

Affected configurations

Nvd
Node
microsoftwindows_2003_serverx64
OR
microsoftwindows_2003_serversp2x64
OR
microsoftwindows_2003_serverMatchsp1
OR
microsoftwindows_2003_serverMatchsp1itanium
OR
microsoftwindows_2003_serverMatchsp2itanium
OR
microsoftwindows_xpprofessional_x64
OR
microsoftwindows_xpsp2
OR
microsoftwindows_xpsp2professional_x64
AND
microsoftoutlook_expressMatch6.0
Node
microsoftwindows_vistagold
OR
microsoftwindows_vistagoldx64
AND
microsoftwindows_mail
VendorProductVersionCPE
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
microsoftwindows_2003_serversp1cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
microsoftwindows_2003_serversp1cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
microsoftwindows_2003_serversp2cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
microsoftoutlook_express6.0cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
Rows per page:
1-10 of 121

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.7

Confidence

Low

EPSS

0.084

Percentile

94.5%