Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2007-1658 to a friend New vulnerability? New tool? Tell us	CVE-2007-1658 Cumulative Security Update for Outlook Express and Windows Mail (MS07-034)     Credit: The information has been provided by Microsoft Product Security. The original article can be found at: http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2007-1658 Details Check for CVE-2007-1658 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Windows XP Service Pack 2 - Microsoft Outlook Express 6 - Information Disclosure - Important (MS06-016, MS06-043, MS06-076)  * Windows XP Professional x64 Edition - Microsoft Outlook Express 6 - Information Disclosure - Important (MS06-016, MS06-043, MS06-076)  * Windows XP Professional x64 Edition Service Pack 2 - Microsoft Outlook Express 6 - Information Disclosure - Important  * Windows Server 2003 Service Pack 1 - Microsoft Outlook Express 6 - Information Disclosure - Low (MS06-016, MS06-043, MS06-076)  * Windows Server 2003 Service Pack 2 - Microsoft Outlook Express 6 - Information Disclosure - Low  * Windows Server 2003 x64 Edition - Microsoft Outlook Express 6 - Information Disclosure - Moderate (MS06-016, MS06-043, MS06-076)  * Windows Server 2003 x64 Edition Service Pack 2 - Microsoft Outlook Express 6 - Information Disclosure - Moderate  * Windows Server 2003 with SP1 for Itanium-based Systems - Microsoft Outlook Express 6 - Information Disclosure - Low (MS06-016, MS06-043, MS06-076)  * Windows Server 2003 with SP2 for Itanium-based Systems - Microsoft Outlook Express 6 - Information Disclosure - Low  * Windows Vista - Windows Mail - Remote Code Execution - Critical  * Windows Vista x64 Edition - Windows Mail - Remote Code Execution - Critical Immune Systems:  * Windows 2000 Service Pack 4 - Outlook Express 5.5 Service Pack 2  * Windows 2000 Service Pack 4 - Outlook Express 6 Service Pack 1 URL Redirect Cross Domain Information Disclosure Vulnerability - CVE-2006-2111 An information disclosure vulnerability exists in Windows because the MHTML protocol handler incorrectly interprets the MHTML URL redirections that could potentially bypass Internet Explorer domain restrictions. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If the user viewed the Web page using Internet Explorer, the vulnerability could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2006-2111. Windows Mail UNC Navigation Request Remote Code Execution Vulnerability - CVE-2007-1658 A remote code execution vulnerability results from the way local or UNC navigation requests are handled in Windows Mail. An attacker could exploit the vulnerability by constructing a specially crafted e-mail message that could potentially allow execution of code from a local file or UNC path if a user clicked on a link in the e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-1658. URL Parsing Cross Domain Information Disclosure Vulnerability - CVE-2007-2225 An information disclosure vulnerability exists in Windows because the MHTML protocol handler incorrectly interprets HTTP headers when returning MHTML content. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If the user viewed the Web page using Internet Explorer, the vulnerability could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-2225. Content Disposition Parsing Cross Domain Information Disclosure Vulnerability - CVE-2007-2227 An information disclosure vulnerability exists in the way MHTML protocol handler passes Content-Disposition notifications back to Internet Explorer. The vulnerability could allow an attacker to bypass the file download dialog box in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If the user viewed the Web page using Internet Explorer, the vulnerability could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-2227.  Comments on CVE-2007-1658:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®