Summary
This host is missing a critical security update according to Microsoft Bulletin MS08-048.
Impact
Remote attackers can construct a specially crafted Web page, information disclosure, and could read data from another Internet Explorer domain or the local computer.
Impact Level : System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-048.mspx
Insight
Issue is due to the MHTML protocol handler incorrectly interprets MHTML URL redirections that could potentially bypass Internet Explorer domain restrictions when returning MHTML content.
Affected
MS Outlook Express 5.5 & 6 on MS Windows 2000
MS Outlook Express 6 on MS Windows 2003 and XP
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-1448 -
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
- Microsoft Excel Remote Code Execution Vulnerabilities (968557)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
- Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
- Microsoft .NET Framework Multiple Vulnerabilities (2861561)