Check Point Advisories

Preemptive Protection against Microsoft MHTML Information Disclosure Vulnerability (MS07-034)

Check Point Reference: CPAI-2007-071
Date Published: 14 Jun 2007
Severity: Critical
Last Updated: Monday 01 January, 2007
Source: Microsoft Security Bulletin MS07-034
Industry Reference: CVE-2006-2111
Protection Provided by:
Who is Vulnerable?
Microsoft Outlook Express 6 on Windows XP SP2
Microsoft Outlook Express 6 on Windows XP Professional x64 Edition
Microsoft Outlook Express 6 on Windows XP Professional x64 Edition SP2
Microsoft Outlook Express 6 on Windows Server 2003 SP1
Microsoft Outlook Express 6 on Windows Server 2003 SP2
Microsoft Outlook Express 6 on Windows Server 2003 x64 Edition
Microsoft Outlook Express 6 on Windows Server 2003 x64 Edition SP2
Microsoft Outlook Express 6 on Windows Server 2003 with SP1 (Itanium)
Microsoft Outlook Express 6 on Windows Server 2003 with SP2 (Itanium)
Windows Mail on Windows Vista
Windows Mail on Windows Vista x64 Edition
Vulnerability Description: An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is within the MHTML Protocol, a component of Outlook Express. The MHTML (MIME Encapsulation of Aggregate HTML) protocol handler provides a URL type (MHTML://) that permits MHTML-encoded documents to be rendered in applications. The vulnerability could be exploited by a remote attacker to access sensitive information on behalf of the target user.
Update/Patch Available: Apply patches:
MS07-034: Cumulative security update for Outlook Express and for Windows Mail
Vulnerability Details: The vulnerability is due to an error in the MHTML protocol handler that fails to properly process MHTML URL redirections. To trigger this flaw, an attacker can specially craft a malicious web page that exploits this vulnerability. Successful exploitation allows remote attackers to read content and data served from another domain in the context of a malicious web page.

Protection Overview
