header-logo
Suggest Exploit
vendor:
Outlook Express and Windows Mail
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Domain Information Disclosure
200
CWE
Product Name: Outlook Express and Windows Mail
Affected Version From: Outlook Express 6.0
Affected Version To: Windows Mail
Patch Exists: YES
Related CWE: CVE-2006-4868
CPE: o:microsoft:outlook_express
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2006

Outlook Express and Windows Mail Cross-Domain Information Disclosure Vulnerability

Outlook Express and Windows Mail are prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's browser. Attackers could exploit this issue to gain access to sensitive information (such as cookies or passwords) that is associated with the external domain.

Mitigation:

Microsoft has released a set of patches for Outlook Express and Windows Mail to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17717/info

Outlook Express and Windows Mail are prone to a cross-domain information-disclosure vulnerability.

This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's browser. Attackers could exploit this issue to gain access to sensitive information (such as cookies or passwords) that is associated with the external domain.

This issue was previously reported as an Internet Explorer vulnerability, but the affected component is found to be part of Outlook Express and Windows Mail. Microsoft confirmed that this is an Outlook Express/Windows Mail vulnerability that can also be exploited through Internet Explorer.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27745.zip

Navigation

Suggest Exploit

Services By CQR