Test ID: 1.3.6.1.4.1.25623.1.0.801716
Category: Windows : Microsoft Bulletins
Title: Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
Summary: This host is missing a critical security update according to Microsoft Bulletin MS07-034.
Description:
Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS07-034.

Vulnerability Insight:
The flaw is due to:

- Error in Windows because the 'MHTML' protocol handler incorrectly interprets
the MHTML URL redirections that could potentially bypass Internet Explorer
domain restrictions.

- The way local or UNC navigation requests are handled in Windows Mail.

- Error in Windows because the 'MHTML' protocol handler incorrectly interprets
HTTP headers when returning MHTML content.

- MHTML protocol handler, which passes Content-Disposition notifications back to
Internet Explorer.

Vulnerability Impact:
Successful exploitation allows remote attackers to gain access to sensitive
information that is associated with the external domain.

Affected Software/OS:
- Microsoft Windows XP Service Pack 2 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2006-2111
BugTraq ID: 17717
http://www.securityfocus.com/bid/17717
Bugtraq: 20061025 IE7 status: 8 days after release, 3 unfixed issues (Google Search)
http://www.securityfocus.com/archive/1/449917/100/0/threaded
Bugtraq: 20061026 IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006 (Google Search)
http://www.securityfocus.com/archive/1/449883/100/200/threaded
CERT/CC Advisory: TA07-163A
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
CERT/CC vulnerability note: VU#783761
http://www.kb.cert.org/vuls/id/783761
HP Security Advisory: HPSBST02231
http://www.securityfocus.com/archive/1/471947/100/0/threaded
HP Security Advisory: SSRT071438
http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/
Microsoft Security Bulletin: MS07-034
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
http://www.osvdb.org/25073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1605
http://securitytracker.com/id?1016005
http://secunia.com/advisories/19738
http://secunia.com/advisories/22477
http://www.vupen.com/english/advisories/2006/1558
http://www.vupen.com/english/advisories/2007/2154
XForce ISS Database: ie-mhtml-information-disclosure(26281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26281
Common Vulnerability Exposure (CVE) ID: CVE-2007-1658
BugTraq ID: 23103
http://www.securityfocus.com/bid/23103
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html
http://isc.sans.org/diary.html?storyid=2507
http://news.com.com/2100-1002_3-6170133.html
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861
http://www.securitytracker.com/id?1017816
http://secunia.com/advisories/25639
XForce ISS Database: win-mail-code-execution(33167)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33167
Common Vulnerability Exposure (CVE) ID: CVE-2007-2225
BugTraq ID: 24392
http://www.securityfocus.com/bid/24392
Bugtraq: 20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler (Google Search)
http://www.securityfocus.com/archive/1/472002/100/0/threaded
CERT/CC vulnerability note: VU#682825
http://www.kb.cert.org/vuls/id/682825
http://archive.openmya.devnull.jp/2007.06/msg00060.html
http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
http://osvdb.org/35345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2045
http://www.securitytracker.com/id?1018231
http://www.securitytracker.com/id?1018232
Common Vulnerability Exposure (CVE) ID: CVE-2007-2227
BugTraq ID: 24410
http://www.securityfocus.com/bid/24410
http://osvdb.org/35346
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085
http://www.securitytracker.com/id?1018233
http://www.securitytracker.com/id?1018234
Copyright: Copyright (C) 2011 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.