===================================================================== CERT-Renater Note d'Information No. 2007/VULN267 _____________________________________________________________________ DATE : 13/06/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running utlook Express and Windows Mail. ====================================================================== MS07-034 - Cumulative Security Update for Outlook Express and Windows Mail (929123) Affected Software: - Windows XP Service Pack 2 - Windows XP Professional x64 Edition - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 1 - Windows Server 2003 Service Pack 2 - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Server 2003 x64 Edition - Windows Server 2003 x64 Edition Service Pack 2 - Windows Vista - Windows Vista x64 Edition Non-Affected Software: -Windows 2000 Service Pack 4 Full MS07-034 advisory: http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx Vulnerability Details URL Redirect Cross Domain Information Disclosure Vulnerability - CVE-2006-2111 An information disclosure vulnerability exists in Windows because the MHTML protocol handler incorrectly interprets the MHTML URL redirections that could potentially bypass Internet Explorer domain restrictions. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If the user viewed the Web page using Internet Explorer, the vulnerability could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain. Windows Mail UNC Navigation Request Remote Code Execution Vulnerability - CVE-2007-1658 A remote code execution vulnerability results from the way local or UNC navigation requests are handled in Windows Mail. An attacker could exploit the vulnerability by constructing a specially crafted e-mail message that could potentially allow execution of code from a local file or UNC path if a user clicked on a link in the e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. URL Parsing Cross Domain Information Disclosure Vulnerability - CVE-2007-2225 An information disclosure vulnerability exists in Windows because the MHTML protocol handler incorrectly interprets HTTP headers when returning MHTML content. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If the user viewed the Web page using Internet Explorer, the vulnerability could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain. Content Disposition Parsing Cross Domain Information Disclosure Vulnerability - CVE-2007-2227 An information disclosure vulnerability exists in the way MHTML protocol handler passes Content-Disposition notifications back to Internet Explorer. The vulnerability could allow an attacker to bypass the file download dialog box in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If the user viewed the Web page using Internet Explorer, the vulnerability could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================