CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS08-048 | Security Update for Outlook Express and Windows Mail (951066) | Microsoft Outlook | Critical | 13-08-2008 |
Technical Information
Brief overview of the risk:
An information disclosure vulnerability exists in Outlook Express and Windows Mail because the MHTML protocol handler incorrectly interprets MHTML URL redirections that could potentially bypass Internet Explorer domain restrictions when returning MHTML content.
Detailed Information on the risk:
An attacker could exploit the vulnerability by constructing a specially crafted Web page. If the user viewed the Web page through Internet Explorer, the vulnerability could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain or the local computer.Further information on this exploit is available at : MS08-048
Affected Software
Microsoft Outlook Express 5.5 Service Pack 2Microsoft Outlook Express 6.0
Microsoft Outlook Express 6.0 Service Pack 1
Windows Mail (Microsoft Windows Server 2008 for 32-bit Systems)
Windows Mail (Microsoft Windows Server 2008 for Itanium-based Systems)
Windows Mail (Microsoft Windows Server 2008 for x64-based Systems)
Windows Mail (Microsoft Windows Vista Service Pack 1)
Windows Mail (Microsoft Windows Vista x64 Edition Service Pack 1)
Windows Mail (Microsoft Windows Vista x64 Edition)
Windows Mail (Windows Vista)