Unrated severityNVD Advisory· Published Aug 13, 2008· Updated Jun 16, 2026
CVE-2008-1448
CVE-2008-1448
Description
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:outlook_express:5.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook_express:6.0:sp1:*:*:*:*:*:*
- (no CPE)range: 5.5 SP2, 6 SP1
cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
11- secunia.com/advisories/31415nvdPatchVendor Advisory
- www.securityfocus.com/bid/30585nvdPatch
- www.vupen.com/english/advisories/2008/2352nvdVendor Advisory
- www.us-cert.gov/cas/techalerts/TA08-225A.htmlnvdUS Government Resource
- marc.infonvd
- www.coresecurity.com/content/internet-explorer-zone-elevationnvd
- www.securityfocus.com/archive/1/495458/100/0/threadednvd
- www.securitytracker.com/idnvd
- www.securitytracker.com/idnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-048nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5886nvd
News mentions
0No linked articles in our index yet.