Vulnerabilities > CVE-2007-2227 - Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
microsoft
nessus
NVD
Published: 2007-06-12
Updated: 2018-10-16

Summary

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."

Vulnerable Configurations

Part Description Count
OS
Microsoft
10
Application
Microsoft
2

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS07-034.NASL
descriptionThe remote host is running a version of Microsoft Outlook Express with several security flaws that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a malformed email to a victim on the remote host and have him open it.
last seen2020-06-01
modified2020-06-02
plugin id25487
published2007-06-12
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/25487
titleMS07-034: Cumulative Security Update for Outlook Express and Windows Mail (929123)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(25487);
 script_version("1.33");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id(
  "CVE-2006-2111",
  "CVE-2007-1658",
  "CVE-2007-2225",
  "CVE-2007-2227"
 );
 script_bugtraq_id(17717, 23103, 24392, 24410);
 script_xref(name:"MSFT", value:"MS07-034");
 script_xref(name:"MSKB", value:"929123");
 
 script_xref(name:"CERT", value:"682825");
 script_xref(name:"CERT", value:"783761");
 script_xref(name:"EDB-ID", value:"27745");
 script_xref(name:"EDB-ID", value:"29771");

 script_name(english:"MS07-034: Cumulative Security Update for Outlook Express and Windows Mail (929123)");
 script_summary(english:"Determines the presence of update 929123");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the email
client.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Microsoft Outlook Express with
several security flaws that could allow an attacker to execute arbitrary
code on the remote host.

To exploit this flaw, an attacker would need to send a malformed email
to a victim on the remote host and have him open it.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-034");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Outlook Express and Windows
Mail.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(200);

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/28");
 script_set_attribute(attribute:"patch_publication_date", value:"2007/06/12");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/06/12");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}


include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS07-034';
kb = '929123';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(xp:'2', win2003:'1,2', vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Inetcomm.dll", version:"6.0.6000.16480", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Inetcomm.dll", version:"6.0.3790.4073", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, file:"Inetcomm.dll", version:"6.0.3790.2929", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Inetcomm.dll", version:"6.0.2900.3138", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

accepted2012-09-10T04:00:47.213-04:00
classvulnerability
contributors
  • nameSudhir Gandhe
    organizationSecure Elements, Inc.
  • nameChandan S
    organizationSecPod Technologies
definition_extensions
  • commentMicrosoft Windows XP SP2 or later is installed
    ovaloval:org.mitre.oval:def:521
  • commentMicrosoft Outlook Express 6.0 for Windows XP/2003 is installed
    ovaloval:org.mitre.oval:def:208
  • commentMicrosoft Windows Server 2003 SP1 (x86) is installed
    ovaloval:org.mitre.oval:def:565
  • commentMicrosoft Outlook Express 6.0 for Windows XP/2003 is installed
    ovaloval:org.mitre.oval:def:208
  • commentMicrosoft Windows Server 2003 SP1 (x86) is installed
    ovaloval:org.mitre.oval:def:565
  • commentMicrosoft Outlook Express 6.0 for Windows XP/2003 is installed
    ovaloval:org.mitre.oval:def:208
  • commentMicrosoft Outlook Express 6.0 for Windows XP/2003 is installed
    ovaloval:org.mitre.oval:def:208
  • commentMicrosoft Windows XP x64 Edition SP2 is installed
    ovaloval:org.mitre.oval:def:4193
  • commentMicrosoft Windows XP SP1 (64-bit) is installed
    ovaloval:org.mitre.oval:def:480
  • commentMicrosoft Outlook Express 6.0 for Windows XP/2003 is installed
    ovaloval:org.mitre.oval:def:208
descriptionThe MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
familywindows
idoval:org.mitre.oval:def:2085
statusaccepted
submitted2007-06-13T08:22:59.000-04:00
titleContent Disposition Parsing Cross Domain Information Disclosure Vulnerability
version71

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 24410 CVE(CAN) ID: CVE-2007-2227 Outlook Express是Microsoft Windows操作系统捆绑的邮件和新闻组客户端。 MHTML协议处理程序将内容处置通知传递回Internet Explorer的方式中存在一个信息泄露漏洞,可能允许攻击者绕过Internet Explorer中的文件下载对话框。 攻击者可以通过构建特制的网页来利用该漏洞。如果用户使用Internet Explorer查看了该网页,漏洞就可能允许信息泄露。成功利用此漏洞的攻击者可以读取另一个Internet Explorer域中的数据。 Microsoft Outlook Express 6.0 Microsoft Windows Mail 临时解决方法: * 禁用MHTML协议处理程序: 1. 单击“开始”,然后单击“运行 ”。在文本框中输入regedit.exe,然后单击“确定”。 2. 导航到HKEY_CLASSES_ROOT\CLSID\{05300401-BCBC-11d0-85E3-00C04FD85AB4}。 3. 右键单击{05300401-BCBC-11d0-85E3-00C04FD85AB4},然后选择“权限”。 4. 单击“高级”。 5. 取消选中“允许将来自父级的可继承权限传播给该对象 6. 单击“删除”,然后单击“确定”。 在后续屏幕上单击“是”和“确定”。 * 将Internet和本地intranet安全区设置为“高”以在运行活动脚本之前要求提示。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS07-034)以及相应补丁: MS07-034:Cumulative Security Update for Outlook Express and Windows Mail (929123) 链接:<a href=http://www.microsoft.com/technet/security/Bulletin/ms07-034.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/ms07-034.mspx?pf=true</a>
idSSV:2682
last seen2017-11-19
modified2007-12-26
published2007-12-26
reporterRoot
titleMicrosoft Outlook Express内容处置解析跨域信息泄露漏洞(MS07-034)

References