Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2111

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2111
Last Modified 27 Sep 2011 12:00:00
Published 01 May 2006 03:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2111

Summary

A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."

Vulnerable Systems

Application

  • Microsoft Outlook Express 6.0


References

CERT - TA07-163A

CERT-VN - VU#783761

XF - ie-mhtml-information-disclosure(26281)

VUPEN - ADV-2007-2154

VUPEN - ADV-2006-1558

BID - 17717

HP - HPSBST02231

BUGTRAQ - 20061025 IE7 status: 8 days after release, 3 unfixed issues

BUGTRAQ - 20061026 IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006

OSVDB - 25073

MS - MS07-034

SECTRACK - 1016005

MISC - http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/

SECUNIA - 22477

SECUNIA - 19738

HP - SSRT071438


Last Updated: 27 May 2016 10:42:35