{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"}, {"name": "20070323 Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"}, {"name": "MS07-034", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"}, {"name": "oval:org.mitre.oval:def:1861", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"}, {"tags": ["x_refsource_MISC"], "url": "http://news.com.com/2100-1002_3-6170133.html"}, {"name": "SSRT071438", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}, {"name": "win-mail-code-execution(33167)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"}, {"tags": ["x_refsource_MISC"], "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194"}, {"name": "1017816", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017816"}, {"name": "23103", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23103"}, {"name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"}, {"name": "TA07-163A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"}, {"name": "25639", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25639"}, {"name": "ADV-2007-2154", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2154"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary.html?storyid=2507"}, {"name": "HPSBST02231", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"}, {"name": "20070323 Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"}, {"name": "MS07-034", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"}, {"name": "oval:org.mitre.oval:def:1861", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"}, {"name": "http://news.com.com/2100-1002_3-6170133.html", "refsource": "MISC", "url": "http://news.com.com/2100-1002_3-6170133.html"}, {"name": "SSRT071438", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}, {"name": "win-mail-code-execution(33167)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"}, {"name": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194", "refsource": "MISC", "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194"}, {"name": "1017816", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017816"}, {"name": "23103", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23103"}, {"name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"}, {"name": "TA07-163A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"}, {"name": "25639", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25639"}, {"name": "ADV-2007-2154", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2154"}, {"name": "http://isc.sans.org/diary.html?storyid=2507", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=2507"}, {"name": "HPSBST02231", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:06:25.707Z"}, "title": "CVE Program Container", "references": [{"name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"}, {"name": "20070323 Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"}, {"name": "MS07-034", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"}, {"name": "oval:org.mitre.oval:def:1861", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://news.com.com/2100-1002_3-6170133.html"}, {"name": "SSRT071438", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}, {"name": "win-mail-code-execution(33167)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194"}, {"name": "1017816", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017816"}, {"name": "23103", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23103"}, {"name": "20070323 Re: Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"}, {"name": "TA07-163A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"}, {"name": "25639", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25639"}, {"name": "ADV-2007-2154", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2154"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://isc.sans.org/diary.html?storyid=2507"}, {"name": "HPSBST02231", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1658", "datePublished": "2007-03-24T19:00:00", "dateReserved": "2007-03-24T00:00:00", "dateUpdated": "2024-08-07T13:06:25.707Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*", "matchCriteriaId": "CC3161FD-F631-405A-BE3A-0B78D5DCD7B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:business:*:*:*:*:*", "matchCriteriaId": "BDDE7F1B-768A-4A53-8765-E48DEB0EF3D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:enterprise:*:*:*:*:*", "matchCriteriaId": "8FF0D88B-821D-4E45-A2EC-5279B9190356", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:home_basic:*:*:*:*:*", "matchCriteriaId": "1A9CAA2B-947F-47E8-A032-DFA2D1F05B6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:home_premium:*:*:*:*:*", "matchCriteriaId": "4C17A747-EF5C-4852-89F7-DE45DDD6EB60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)."}, {"lang": "es", "value": "Windows Mail en Microsoft Windows Vista podr\u00eda permitir a atacantes con la intervenci\u00f3n del usuario ejecutar ciertos programas a trav\u00e9s de un enlace a (1) un fichero local o (2) un nombre de ruta UNC compartido en el cual hay un directorio con el mismo nombre de base con un programa un programa ejecutable en el mismo nivel, como se demostr\u00f3 utilizando C:/windows/system32/winrm (winrm.cmd) y migwiz (migwiz.exe).\r\n"}], "id": "CVE-2007-1658", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-03-24T19:19:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"}, {"source": "cve@mitre.org", "url": "http://isc.sans.org/diary.html?storyid=2507"}, {"source": "cve@mitre.org", "url": "http://news.com.com/2100-1002_3-6170133.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25639"}, {"source": "cve@mitre.org", "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23103"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017816"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2154"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.html?storyid=2507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://news.com.com/2100-1002_3-6170133.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017816"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}