CVE-2007-4040
https://notcve.org/view.php?id=CVE-2007-4040
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
• http://larholm.com/2007/07/25/mozilla-protocol-abuse http://seclists.org/fulldisclosure/2007/Jul/0557.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-2227
https://notcve.org/view.php?id=CVE-2007-2227
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
• http://archive.openmya.devnull.jp/2007.06/msg00060.html http://openmya.hacker.jp/hasegawa/security/ms07-034.txt http://osvdb.org/35346 http://secunia.com/advisories/25639 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/archive/1/472002/100/0/threaded http://www.securityfocus.com/bid/24410 http://www.securitytracker.com/id?1018233 http://www.securitytracker.com/id?1018234 http://www.us-cert.gov/cas/techalerts/TA07-163A.html http
CVE-2007-2225
https://notcve.org/view.php?id=CVE-2007-2225
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
• http://archive.openmya.devnull.jp/2007.06/msg00060.html http://openmya.hacker.jp/hasegawa/security/ms07-034.txt http://osvdb.org/35345 http://secunia.com/advisories/25639 http://www.kb.cert.org/vuls/id/682825 http://www.securityfocus.com/archive/1/471947/100/0/threaded http://www.securityfocus.com/archive/1/472002/100/0/threaded http://www.securityfocus.com/bid/24392 http://www.securitytracker.com/id?1018231 http://www.securitytracker.com/id?1018232 http://www
CVE-2006-2386
https://notcve.org/view.php?id=CVE-2006-2386
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
• http://secunia.com/advisories/23311 http://securitytracker.com/id?1017369 http://www.securityfocus.com/archive/1/454969/100/200/threaded http://www.securityfocus.com/bid/21501 http://www.us-cert.gov/cas/techalerts/TA06-346A.html http://www.vupen.com/english/advisories/2006/4969 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/29227 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre
CVE-2006-2111 – Outlook Express 5.5/6.0 / Windows Mail - MHTML URI Handler Information Disclosure
https://notcve.org/view.php?id=CVE-2006-2111
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
• https://www.exploit-db.com/exploits/27745 http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test http://secunia.com/advisories/19738 http://secunia.com/advisories/22477 http://securitytracker.com/id?1016005 http://www.kb.cert.org/vuls/id/783761 http://www.osvdb.org/25073 http://www.securityfocus.com/archive/1/449883/100/200/threaded http://www.securityfocus.com/archive/1/449917/100/0/threaded http://www.securityfocus.com/archive/1/471947/100/0
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor