Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Cumulative Security Update for Outlook Express and Windows Mail (MS

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Cumulative Security Update for Outlook Express and Windows Mail (MS07-034)
Date: 13 Jun 2007 14:56:00 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Cumulative Security Update for Outlook Express and Windows Mail (MS07-034)
------------------------------------------------------------------------


SUMMARY

This critical security update resolves two privately reported and two 
publicly disclosed vulnerabilities. One of these vulnerabilities could 
allow remote code execution if a user viewed a specially crafted e-mail 
using Windows Mail in Windows Vista. The other vulnerabilities could allow 
information disclosure if a user visits a specially crafted Web page using 
Internet Explorer and cannot be exploited directly in Outlook Express. For 
the information disclosure vulnerabilities, users whose accounts are 
configured to have fewer user rights on the system could be less impacted 
than users who operate with administrative user rights.

DETAILS

Vulnerable Systems:
 * Windows XP Service Pack 2 - Microsoft Outlook Express 6 - Information 
Disclosure - Important (MS06-016, MS06-043, MS06-076)
 * Windows XP Professional x64 Edition - Microsoft Outlook Express 6 - 
Information Disclosure - Important (MS06-016, MS06-043, MS06-076)
 * Windows XP Professional x64 Edition Service Pack 2 - Microsoft Outlook 
Express 6 - Information Disclosure - Important
 * Windows Server 2003 Service Pack 1 - Microsoft Outlook Express 6 - 
Information Disclosure - Low (MS06-016, MS06-043, MS06-076)
 * Windows Server 2003 Service Pack 2 - Microsoft Outlook Express 6 - 
Information Disclosure - Low
 * Windows Server 2003 x64 Edition - Microsoft Outlook Express 6 - 
Information Disclosure - Moderate (MS06-016, MS06-043, MS06-076)
 * Windows Server 2003 x64 Edition Service Pack 2 - Microsoft Outlook 
Express 6 - Information Disclosure - Moderate
 * Windows Server 2003 with SP1 for Itanium-based Systems - Microsoft 
Outlook Express 6 - Information Disclosure - Low (MS06-016, MS06-043, 
MS06-076)
 * Windows Server 2003 with SP2 for Itanium-based Systems - Microsoft 
Outlook Express 6 - Information Disclosure - Low
 * Windows Vista - Windows Mail - Remote Code Execution - Critical
 * Windows Vista x64 Edition - Windows Mail - Remote Code Execution - 
Critical

Immune Systems:
 * Windows 2000 Service Pack 4 - Outlook Express 5.5 Service Pack 2
 * Windows 2000 Service Pack 4 - Outlook Express 6 Service Pack 1

URL Redirect Cross Domain Information Disclosure Vulnerability - 
CVE-2006-2111
An information disclosure vulnerability exists in Windows because the 
MHTML protocol handler incorrectly interprets the MHTML URL redirections 
that could potentially bypass Internet Explorer domain restrictions. An 
attacker could exploit the vulnerability by constructing a specially 
crafted Web page. If the user viewed the Web page using Internet Explorer, 
the vulnerability could potentially allow information disclosure. An 
attacker who successfully exploited this vulnerability could read data 
from another Internet Explorer domain.

To view this vulnerability as a standard entry in the Common 
Vulnerabilities and Exposures list, see  
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2111> 
CVE-2006-2111.

Windows Mail UNC Navigation Request Remote Code Execution Vulnerability - 
CVE-2007-1658
A remote code execution vulnerability results from the way local or UNC 
navigation requests are handled in Windows Mail. An attacker could exploit 
the vulnerability by constructing a specially crafted e-mail message that 
could potentially allow execution of code from a local file or UNC path if 
a user clicked on a link in the e-mail message. An attacker who 
successfully exploited this vulnerability could take complete control of 
an affected system.

To view this vulnerability as a standard entry in the Common 
Vulnerabilities and Exposures list, see  
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1658> 
CVE-2007-1658.

URL Parsing Cross Domain Information Disclosure Vulnerability - 
CVE-2007-2225
An information disclosure vulnerability exists in Windows because the 
MHTML protocol handler incorrectly interprets HTTP headers when returning 
MHTML content. An attacker could exploit the vulnerability by constructing 
a specially crafted Web page. If the user viewed the Web page using 
Internet Explorer, the vulnerability could potentially allow information 
disclosure. An attacker who successfully exploited this vulnerability 
could read data from another Internet Explorer domain.

To view this vulnerability as a standard entry in the Common 
Vulnerabilities and Exposures list, see  
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2225> 
CVE-2007-2225.

Content Disposition Parsing Cross Domain Information Disclosure 
Vulnerability - CVE-2007-2227
An information disclosure vulnerability exists in the way MHTML protocol 
handler passes Content-Disposition notifications back to Internet 
Explorer. The vulnerability could allow an attacker to bypass the file 
download dialog box in Internet Explorer. An attacker could exploit the 
vulnerability by constructing a specially crafted Web page. If the user 
viewed the Web page using Internet Explorer, the vulnerability could 
potentially allow information disclosure. An attacker who successfully 
exploited this vulnerability could read data from another Internet 
Explorer domain.

To view this vulnerability as a standard entry in the Common 
Vulnerabilities and Exposures list, see  
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2227> 
CVE-2007-2227.


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:  
<http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx> 
http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Cumulative Security Update for Outlook Express and Windows Mail (MS07-034), SecuriTeam <=
Previous by Date:  [NT] Vulnerability in Win 32 API Allows Code Execution (MS07-035), SecuriTeam
Next by Date:  [NT] Vulnerabilities in Microsoft Visio Allows Code Execution (MS07-030), SecuriTeam
Previous by Thread:  [NT] Vulnerability in Win 32 API Allows Code Execution (MS07-035), SecuriTeam
Next by Thread:  [NT] Vulnerabilities in Microsoft Visio Allows Code Execution (MS07-030), SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]