=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN304
_____________________________________________________________________

DATE                      : 13/08/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Outlook Express,
                                            Windows Mail.

======================================================================
KB951066
http://www.microsoft.com/technet/security/bulletin/ms08-048.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-048 - Important

Security Update for Outlook Express and Windows Mail (951066)

    Published: August 12, 2008

    Version: 1.0

General Information

Executive Summary

    This security update resolves a privately reported vulnerability in
    Outlook Express and Windows Mail. The vulnerability could allow
    information disclosure if a user visits a specially crafted Web page
    using Internet Explorer. Users whose accounts are configured to have
    fewer user rights on the system could be less impacted than users who
    operate with administrative user rights.

    This security update is rated Important for supported editions of
    Windows XP and Windows Vista and rated Low for supported editions of
    Windows Server 2003 and Windows Server 2008. For more information, see
    the subsection, Affected Software, in this section.

    Recommendation. Microsoft recommends that customers apply the update
    at the earliest opportunity.

  Affected Software

    Microsoft Outlook Express 5.5 Service Pack 2

    Microsoft Outlook Express 6 Service Pack 1

    Microsoft Outlook Express 6

    Windows Mail

Vulnerability Information

URL Parsing Cross-Domain Information Disclosure Vulnerability -
CVE-2008-1448

    An information disclosure vulnerability exists in Outlook Express and
    Windows Mail because the MHTML protocol handler incorrectly interprets
    MHTML URL redirections that could potentially bypass Internet Explorer
    domain restrictions when returning MHTML content. An attacker could
    exploit the vulnerability by constructing a specially crafted Web
    page. If the user viewed the Web page through Internet Explorer, the
    vulnerability could potentially allow information disclosure. An
    attacker who successfully exploited this vulnerability could read data
    from another Internet Explorer domain or the local computer.

Workarounds for URL Parsing Cross-Domain Information Disclosure
Vulnerability - CVE-2008-1448

    Lockdown the MHTML protocol handler

    Disable the MHTML protocol handler.

    Set Internet and Local intranet security zone settings to High to prompt
    before running Active Scripting in these zones

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================