• info
• discussion
• exploit
• solution
• references

Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability

Solution:
The vendor has released an advisory to address this issue in supported versions of affected applications. Please see the referenced advisory for details on obtaining and applying the appropriate updates.


Microsoft Windows Mail 0

• Microsoft Cumulative Security Update for Outlook Express for Windows Vista (KB929123)
  Windows Vista
  http://www.microsoft.com/downloads/details.aspx?FamilyId=ee57de19-44ea -48f2-ae28-e76fd2018633&displaylang=en


• Microsoft Cumulative Security Update for Outlook Express for Windows Vista for x64-based Systems (KB929123)
  Windows Vista x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=343db20f-7794 -4423-b11d-885329fbdf78&displaylang=en

Microsoft Outlook Express 6.0 SP2

• Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 (KB929123)
  Windows Server 2003 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c -4ab7-9283-c693d7bd82be&displaylang=en


• Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 (KB929123)
  Windows Server 2003 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=93808a74-035c -4ab7-9283-c693d7bd82be&displaylang=en


• Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 for Itanium-based Systems (KB
  Windows Server 2003 with SP1 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571 -437d-a612-99175ac39025&displaylang=en


• Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 for Itanium-based Systems (KB
  Windows Server 2003 with SP2 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?FamilyId=2e62e96e-6571 -437d-a612-99175ac39025&displaylang=en


• Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 x64 Edition (KB929123)
  Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285 -45e5-84bd-71ae9da126e3&displaylang=en


• Microsoft Cumulative Security Update for Outlook Express for Windows Server 2003 x64 Edition (KB929123)
  Windows Server 2003 x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=f63323a9-e285 -45e5-84bd-71ae9da126e3&displaylang=en


• Microsoft Cumulative Security Update for Outlook Express for Windows XP (KB929123)
  Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=27cca556-0872 -4803-b610-4c895ceb99aa&displaylang=en


• Microsoft Cumulative Security Update for Outlook Express for Windows XP x64 Edition (KB929123)
  Windows XP Professional x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb -40f0-8960-b9debc8413e7&displaylang=en


• Microsoft Cumulative Security Update for Outlook Express for Windows XP x64 Edition (KB929123)
  Windows XP Professional x64 Edition Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=1ea813bf-bddb -40f0-8960-b9debc8413e7&displaylang=en