Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)

Summary
This host is missing a critical security update according to Microsoft Bulletin MS07-034.
Impact
Successful exploitation allows remote attackers to gain access to sensitive information that is associated with the external domain. Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx
Insight
The flaw is due to - Error in Windows because the 'MHTML' protocol handler incorrectly interprets the MHTML URL redirections that could potentially bypass Internet Explorer domain restrictions. - The way local or UNC navigation requests are handled in Windows Mail. - Error in Windows because the 'MHTML' protocol handler incorrectly interprets HTTP headers when returning MHTML content. - MHTML protocol handler, which passes Content-Disposition notifications back to Internet Explorer.
Affected
Microsoft Windows XP Service Pack 2 and prior. Microsoft Windows 2K3 Service Pack 2 and prior. Microsoft Windows Vista
References