HTTP: Microsoft Internet Explorer MHTML Redirect Information Disclosure
This signature detects an MHTML redirect specially crafted to exploit a known vulnerability in Internet Explorer. An attacker who successfully exploited this could read data from another Internet Explorer domain or the local computer.
Extended Description
Microsoft Outlook Express And Windows Mail are prone to an information-disclosure vulnerability because of an error in the Windows MHTML protocol handler. Note that an attacker can exploit this issue via Internet Explorer because the browser internally uses the vulnerable component of Outlook Express and Windows Mail. Successful exploits will allow the attacker to bypass Internet Explorer domain restrictions and to read data from a different Internet Explorer domain or security zone.
Affected Products
Microsoft windows_xp_professional
Short Name
HTTP:STC:IE:MHTML-REDIR-INFO
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2008-1448 Disclosure Explorer Information Internet MHTML Microsoft Redirect
Release Date
08/12/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Hp
Microsoft
CVSS Score
7.1