Security Update For Outlook Express (951066) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS08-048.

Impact

Remote attackers can construct a specially crafted Web page, information disclosure, and could read data from another Internet Explorer domain or the local computer. Impact Level : System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms08-048.mspx

Insight

Issue is due to the MHTML protocol handler incorrectly interprets MHTML URL redirections that could potentially bypass Internet Explorer domain restrictions when returning MHTML content.

Affected

MS Outlook Express 5.5 & 6 on MS Windows 2000 MS Outlook Express 6 on MS Windows 2003 and XP

References

http://www.microsoft.com/technet/security/bulletin/ms08-048.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-1448

CVSS	Base Score: 7.1 AV:N/AC:M/Au:N/C:C/I:N/A:N

Related Vulnerabilities

Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
Cumulative Security Update for Internet Explorer (956390)

Security Update for Outlook Express (951066)

Take action and discover your vulnerabilities