Oval Definition:oval:org.mitre.oval:def:2045
Revision Date:2012-09-10Version:44
Title:URL Parsing Cross Domain Information Disclosure Vulnerability
Description:A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2007-2225
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s):Microsoft Outlook Express
Definition Synopsis
  • Microsoft Outlook Express 6 on Win XP SP2
  • Microsoft Windows XP SP2 or later is installed
  • AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
  • AND the version of inetcomm.dll is less than 6.0.2900.3138
  • OR Microsoft Outlook Express 6 on Win 2k3 SP1
  • Microsoft Windows Server 2003 SP1 (x86) is installed
  • AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
  • AND the version of inetcomm.dll is less than 6.0.3790.2929
  • OR Microsoft Outlook Express 6 on Win 2k3 SP2
  • Microsoft Windows Server 2003 SP1 (x86) is installed
  • AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
  • AND the version of inetcomm.dll is less than 6.0.3790.4073
  • OR Microsoft Outlook Express 6 on Win XP SP2 (64-bit)
  • Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
  • AND the version of inetcomm.dll is less than 6.0.3790.4073
  • AND Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Outlook Express 6 on Win XP SP1 (64-bit)
  • Microsoft Windows XP SP1 (64-bit) is installed
  • AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
  • AND the version of inetcomm.dll is less than 6.0.3790.2929
    • BACK