CVE-2007-2227

CVE Database · CVE-2007-2227

CVE-2007-2227

· N/AModified

CVSS v3.1

N/A

EPSS

25.04%

Published

Jun 12, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."

Affected Products (12)

microsoft · windows_2003_server

microsoft · windows_xp

microsoft · outlook_expressvulnerable

microsoft · windows_vista

microsoft · windows_mailvulnerable

References (20)

http://archive.openmya.devnull.jp/2007.06/msg00060.html

http://openmya.hacker.jp/hasegawa/security/ms07-034.txt

http://osvdb.org/35346

http://secunia.com/advisories/25639

http://www.securityfocus.com/archive/1/471947/100/0/threaded