(MS08-048) Microsoft URL Parsing Cross Domain Information Disclosure Vulnerability (951066)
- Type: Buffer Overflow
- Impact of exploitation: Information disclosure
- User Interaction: User interaction is needed
- Attack Vector: Website with malicious content
- Rating: Medium
- CVE reference: CVE-2008-1448
- Vendor Status: Responded and patched
- Vulnerable systems: Outlook Express 5.5, Outlook Express 6.0, Windows Mail
- Summary: A vulnerability is present in Microsoft Windows that may allow for information disclosure. Exploitation may occur when visiting a malicious Web site.
Description
Outlook Express and Windows Mail are Microsoft Windows applications used for email. A vulnerability is present in Microsoft Windows that may allow for information disclosure. The flaw lies in the processing of MHTML content containing specially crafted headers. Successful exploitation would occur when a user visits an attacker-controlled Web site.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (951066): http://www.microsoft.com/technet/security/Bulletin/MS08-048.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature: (MS08-048) Microsoft URL Parsing Cross Domain Information Disclosure Vulnerability (951066)
- Signature identifier: 6060
- Release date: 8/12/2008
Additional Resources
Microsoft Security Bulletin: Cumulative Security Update for Outlook Express and Windows Mail (951066)
http://www.microsoft.com/technet/security/Bulletin/MS08-048.mspx
Timeline
8/12/2008: Vendor has provided a patch.