Signature Detail

HTTP: Microsoft Internet Explorer MHTML Redirect Information Disclosure

This signature detects an MHTML redirect specially crafted to exploit a known vulnerability in Internet Explorer. An attacker who successfully exploited this could read data from another Internet Explorer domain or the local computer.

Extended Description

Microsoft Outlook Express And Windows Mail are prone to an information-disclosure vulnerability because of an error in the Windows MHTML protocol handler. Note that an attacker can exploit this issue via Internet Explorer because the browser internally uses the vulnerable component of Outlook Express and Windows Mail. Successful exploits will allow the attacker to bypass Internet Explorer domain restrictions and to read data from a different Internet Explorer domain or security zone.

Affected Products

• HP Storage Management Appliance 2.1
• HP Storage Management Appliance I
• HP Storage Management Appliance II
• HP Storage Management Appliance III
• Microsoft Outlook Express 5.5 SP2
• Microsoft Outlook Express 6.0
• Microsoft Outlook Express 6.0 SP1
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows Mail
• Microsoft Windows Server 2003 SP1
• Microsoft Windows Server 2003 SP2
• Microsoft Windows Server 2003 Itanium SP1
• Microsoft Windows Server 2003 Itanium SP2
• Microsoft Windows Server 2003 Standard x64 Edition
• Microsoft Windows Server 2003 x64 SP2
• Microsoft Windows Server 2008 for 32-bit Systems
• Microsoft Windows Server 2008 for Itanium-based Systems
• Microsoft Windows Server 2008 for x64-based Systems
• Microsoft Windows Vista SP1
• Microsoft Windows Vista
• Microsoft Windows Vista x64 Edition SP1
• Microsoft Windows Vista x64 Edition
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional SP3
• Microsoft Windows XP Professional x64 Edition SP2
• Microsoft Windows XP Professional x64 Edition

References

• CVE: CVE-2008-1448
• URL: http://www.microsoft.com/technet/security/Bulletin/MS08-048.mspx