CVE-2008-1448
Last modified
CVE-2008-1448 is a vulnerability of currently unknown severity. The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability.". EPSS estimates a 26.63% chance of exploitation in the next 30 days.
Description
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Outlook Express | 5.5 | Sp2 |
| Microsoft | Outlook Express | 6.0 | — |
| Microsoft | Windows Mail | All versions | — |
References
- http://secunia.com/advisories/31415Patch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-225A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2008/2352Vendor Advisory
- http://secunia.com/advisories/31415Patch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-225A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2008/2352Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-1448?
How severe is CVE-2008-1448?
How do I fix CVE-2008-1448?
Are you affected by CVE-2008-1448?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST