CVE-2007-2225

CVE Database · CVE-2007-2225

CVE-2007-2225

· N/AModified

CVSS v3.1

N/A

EPSS

25.04%

Published

Jun 12, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

Affected Products (12)

microsoft · windows_2003_server

microsoft · windows_xp

microsoft · outlook_expressvulnerable

microsoft · windows_vista

microsoft · windows_mailvulnerable

References (20)

http://archive.openmya.devnull.jp/2007.06/msg00060.html

http://openmya.hacker.jp/hasegawa/security/ms07-034.txt

http://osvdb.org/35345

http://secunia.com/advisories/25639

http://www.kb.cert.org/vuls/id/682825