Signature Detail
Short Name |
HTTP:STC:IE:MHTML-XDOM |
|---|---|
Severity |
Low |
Recommended |
No |
Category |
HTTP |
Keywords |
Internet Explorer MHTML Cross-Domain Scripting |
Release Date |
2007/07/05 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Internet Explorer MHTML Cross-Domain Scripting
This signature detects Web pages containing dangerous hypertext links. A malicious Web site can exploit a known vulnerability in Internet Explorer 5 and 6 and allow an attacker domain's content (such as scripts) to access another domain's content (such as cookies), which could result in an information disclosure. Typical information stored in cookies that could be disclosed includes usernames, passwords, social security numbers, credit cards numbers, bank accounts, and other sensitive data.
Extended Description
Outlook Express is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive information (such as cookies or passwords) that is associated with the external domain.
Affected Products
- Microsoft Outlook Express 6.0
- Microsoft Outlook Express 6.0 SP1
- Microsoft Outlook Express 6.0 SP2
- Microsoft Windows Mail
References
- BugTraq: 24410
- CVE: CVE-2007-2227
- URL: http://www.microsoft.com/technet/security/Bulletin/MS07-034.mspx