CVE-2007-2227 | Vulnerability Database | Aqua Security

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition notifications, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Windows_2003_server	Microsoft	*	*
Windows_2003_server	Microsoft	sp1 (including)	sp1 (including)
Windows_2003_server	Microsoft	sp2 (including)	sp2 (including)
Windows_xp	Microsoft	*	*

References

http://archive.openmya.devnull.jp/2007.06/msg00060.html
http://openmya.hacker.jp/hasegawa/security/ms07-034.txt
http://osvdb.org/35346
http://secunia.com/advisories/25639
http://www.securityfocus.com/archive/1/471947/100/0/threaded
http://www.securityfocus.com/archive/1/472002/100/0/threaded
http://www.securityfocus.com/bid/24410
http://www.securitytracker.com/id?1018233
http://www.securitytracker.com/id?1018234
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
http://www.vupen.com/english/advisories/2007/2154
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2227
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html