CVE-2006-2111

Microsoft Outlook Express 6 - Exposure of Sensitive Information via MHTML URI Handler

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2111. PoCs published by codedreamer.

AI-analyzed exploit summary The provided text describes a cross-domain information-disclosure vulnerability in Outlook Express and Windows Mail, which can be exploited to access sensitive information from arbitrary external domains. The issue was initially misattributed to Internet Explorer but was later confirmed to affect Outlook Express/Windows Mail.

Description

A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED
by codedreamer · textdoswindows
https://www.exploit-db.com/exploits/27745

The provided text describes a cross-domain information-disclosure vulnerability in Outlook Express and Windows Mail, which can be exploited to access sensitive information from arbitrary external domains. The issue was initially misattributed to Internet Explorer but was later confirmed to affect Outlook Express/Windows Mail.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Theoretical
Target: Outlook Express, Windows Mail
No auth needed
Prerequisites: Victim must visit a malicious website
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1605
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19738
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22477
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26281
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449883/100/200/threaded
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016005
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449917/100/0/threaded
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/471947/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25073
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17717
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1558
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/783761
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2154

Scores

EPSS 0.4031
EPSS Percentile 98.5%

Details

CWE
CWE-200
Status published
Products (1)
microsoft/outlook_express 6.0
Published May 01, 2006
Tracked Since Feb 18, 2026