|
[Japanese]
|
JVNDB-2007-000446
|
Internet Explorer vulnerable in MHTML handling
|
|
Internet Explorer is vulnerable in handling MHTML (MIME Encapsulation of Aggregate HTML) protocol, which allows an arbitrary script execution.
When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types.
This behavior may result in executing the scripts embedded in the contents.
The MHTML protocol handler is included in the Outlook Express component, and Microsoft provides the fix of the vulnerability for this component.
|
|
CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
Microsoft Corporation
- Microsoft Outlook Express 6
- Microsoft Windows Mail
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 (itanium)
- Microsoft Windows Server 2003 (x64)
- Microsoft Windows Vista
- Microsoft Windows Vista (x64)
- Microsoft Windows XP sp3
- Microsoft Windows XP (x64)
|
|
|
An arbitrary script may be executed in the user's web browser.
|
|
[Update the Software]
Apply the latest updates provided by the vendor.
|
|
Microsoft Corporation
|
|
|
|
- CVE-2007-2225
|
|
- JVN : JVNTA07-163A (Japanese)
- JVN : JVN#27203006
- JVN Status Tracking Notes : TRTA07-163A (Japanese)
- National Vulnerability Database (NVD) : CVE-2007-2225
- US-CERT Cyber Security Alerts : SA07-163A
- US-CERT Vulnerability Note : VU#682825
- US-CERT Technical Cyber Security Alert : TA07-163A
- Secunia Advisory : SA25639
- SecurityFocus : 24392
- FrSIRT Advisories : FrSIRT/ADV-2007-2154
|
|
- [2008/05/21]
Web page published
|
