CVE-2007-3896 - Vulnerability Details

The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Internet Explorer Windows 2003 Server Windows Xp

Configuration 1 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2003_server:::itanium:::::*
	cpe:2.3:o:microsoft:windows_2003_server:::x64:::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_xp:::x64:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::

cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blogs.zdnet.com/security/?p=577
http://marc.info/?l=bugtraq&m=119143780202107&w=2
http://marc.info/?l=bugtraq&m=119144449915918&w=2
http://marc.info/?l=bugtraq&m=119159924712561&w=2
http://marc.info/?l=bugtraq&m=119168062128026&w=2
http://marc.info/?l=bugtraq&m=119194714125580&w=2
http://marc.info/?l=bugtraq&m=119195904813505&w=2
http://marc.info/?l=full-disclosure&m=119159477404263&w=2
http://marc.info/?l=full-disclosure&m=119168727402084&w=2
http://marc.info/?l=full-disclosure&m=119170531020020&w=2
http://marc.info/?l=full-disclosure&m=119171444628628&w=2
http://marc.info/?l=full-disclosure&m=119175323322021&w=2
http://marc.info/?l=full-disclosure&m=119180333805950&w=2
http://secunia.com/advisories/26201
http://securitytracker.com/id?1018831
http://www.heise-security.co.uk/news/96982
http://www.kb.cert.org/vuls/id/403150
http://www.microsoft.com/technet/security/advisory/943521.mspx
http://www.securityfocus.com/archive/1/481493/100/100/threaded
http://www.securityfocus.com/archive/1/481505/100/0/threaded
http://www.securityfocus.com/archive/1/481624/100/0/threaded
http://www.securityfocus.com/archive/1/481664/100/0/threaded
http://www.securityfocus.com/archive/1/481671/100/0/threaded
http://www.securityfocus.com/archive/1/481680/100/0/threaded
http://www.securityfocus.com/archive/1/481839/100/0/threaded
http://www.securityfocus.com/archive/1/481846/100/0/threaded
http://www.securityfocus.com/archive/1/481867/100/0/threaded
http://www.securityfocus.com/archive/1/481871/100/0/threaded
http://www.securityfocus.com/archive/1/481881/100/0/threaded
http://www.securityfocus.com/archive/1/481887/100/0/threaded
http://www.securityfocus.com/archive/1/482090/100/0/threaded
http://www.securityfocus.com/archive/1/482292/100/0/threaded
http://www.securityfocus.com/archive/1/482437/100/0/threaded
http://www.securityfocus.com/archive/1/484186/100/0/threaded
http://www.securityfocus.com/bid/25945
http://www.securitytracker.com/id?1018822
http://www.us-cert.gov/cas/techalerts/TA07-317A.html
http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2007-10-11T00:00:00

Updated: 2024-08-07T14:37:04.553Z

Reserved: 2007-07-19T00:00:00

Link: CVE-2007-3896

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-11T00:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3896

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"}, {"name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=119159477404263&w=2"}, {"name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.heise-security.co.uk/news/96982"}, {"name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"}, {"name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"}, {"name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=119159924712561&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.zdnet.com/security/?p=577"}, {"name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"}, {"name": "HPSBST02291", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"name": "26201", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26201"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=119168062128026&w=2"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=119171444628628&w=2"}, {"name": "SSRT071498", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:4581", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"}, {"tags": ["x_refsource_MISC"], "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"}, {"name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=119175323322021&w=2"}, {"name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"}, {"name": "1018831", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018831"}, {"name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=119194714125580&w=2"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=119168727402084&w=2"}, {"name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"}, {"name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"}, {"name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"}, {"name": "TA07-317A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"}, {"name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=119180333805950&w=2"}, {"name": "943521", "tags": ["vendor-advisory", "x_refsource_MSKB"], "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"}, {"name": "20071004 Re[2]: 0day: mIRC pwns Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"}, {"name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"}, {"name": "MS07-061", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"}, {"name": "25945", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25945"}, {"name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"}, {"name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"}, {"name": "VU#403150", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/403150"}, {"name": "20071011 M$ will fix URI?", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"}, {"name": "20071003 0day: mIRC pwns Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=119143780202107&w=2"}, {"name": "20071004 Re: 0day: mIRC pwns Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"}, {"name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=119195904813505&w=2"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=119170531020020&w=2"}, {"name": "20071003 Re: 0day: mIRC pwns Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=119144449915918&w=2"}, {"name": "1018822", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018822"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-3896", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"}, {"name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=119159477404263&w=2"}, {"name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"}, {"name": "http://www.heise-security.co.uk/news/96982", "refsource": "MISC", "url": "http://www.heise-security.co.uk/news/96982"}, {"name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"}, {"name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"}, {"name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=119159924712561&w=2"}, {"name": "http://blogs.zdnet.com/security/?p=577", "refsource": "MISC", "url": "http://blogs.zdnet.com/security/?p=577"}, {"name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"}, {"name": "HPSBST02291", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"name": "26201", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26201"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=119168062128026&w=2"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=119171444628628&w=2"}, {"name": "SSRT071498", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:4581", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"}, {"name": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/", "refsource": "MISC", "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"}, {"name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=119175323322021&w=2"}, {"name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"}, {"name": "1018831", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018831"}, {"name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=119194714125580&w=2"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=119168727402084&w=2"}, {"name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"}, {"name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"}, {"name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"}, {"name": "TA07-317A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"}, {"name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=119180333805950&w=2"}, {"name": "943521", "refsource": "MSKB", "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"}, {"name": "20071004 Re[2]: 0day: mIRC pwns Windows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"}, {"name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"}, {"name": "MS07-061", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"}, {"name": "25945", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25945"}, {"name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"}, {"name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"}, {"name": "VU#403150", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/403150"}, {"name": "20071011 M$ will fix URI?", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"}, {"name": "20071003 0day: mIRC pwns Windows", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=119143780202107&w=2"}, {"name": "20071004 Re: 0day: mIRC pwns Windows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"}, {"name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=119195904813505&w=2"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=119170531020020&w=2"}, {"name": "20071003 Re: 0day: mIRC pwns Windows", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=119144449915918&w=2"}, {"name": "1018822", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018822"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:37:04.553Z"}, "title": "CVE Program Container", "references": [{"name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"}, {"name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=119159477404263&w=2"}, {"name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.heise-security.co.uk/news/96982"}, {"name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"}, {"name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"}, {"name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=119159924712561&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.zdnet.com/security/?p=577"}, {"name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"}, {"name": "HPSBST02291", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"name": "26201", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26201"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=119168062128026&w=2"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=119171444628628&w=2"}, {"name": "SSRT071498", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:4581", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"}, {"name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=119175323322021&w=2"}, {"name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"}, {"name": "1018831", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018831"}, {"name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=119194714125580&w=2"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=119168727402084&w=2"}, {"name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"}, {"name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"}, {"name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"}, {"name": "TA07-317A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"}, {"name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=119180333805950&w=2"}, {"name": "943521", "tags": ["vendor-advisory", "x_refsource_MSKB", "x_transferred"], "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"}, {"name": "20071004 Re[2]: 0day: mIRC pwns Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"}, {"name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"}, {"name": "MS07-061", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"}, {"name": "25945", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25945"}, {"name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"}, {"name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"}, {"name": "VU#403150", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/403150"}, {"name": "20071011 M$ will fix URI?", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"}, {"name": "20071003 0day: mIRC pwns Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=119143780202107&w=2"}, {"name": "20071004 Re: 0day: mIRC pwns Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"}, {"name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=119195904813505&w=2"}, {"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=119170531020020&w=2"}, {"name": "20071003 Re: 0day: mIRC pwns Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=119144449915918&w=2"}, {"name": "1018822", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018822"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-3896", "datePublished": "2007-10-11T00:00:00", "dateReserved": "2007-07-19T00:00:00", "dateUpdated": "2024-08-07T14:37:04.553Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "580632FB-7EB8-4DC6-A372-742D4523BF79", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*", "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*", "matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."}, {"lang": "es", "value": "El manejo de URL en la biblioteca Shell32.dll en el shell de Windows en Microsoft Windows XP y Server 2003, con Internet Explorer versi\u00f3n 7 instalado, permite a atacantes remotos ejecutar programas arbitrarios por medio de secuencias \"%\" no v\u00e1lidas en un mailto: u otro manejador URI, como es demostrado usando mIRC, Outlook, Firefox, Adobe Reader, Skype y otras aplicaciones. NOTA: este problema podr\u00eda estar relacionado con otros problemas relacionados con los controladores de URL en sistemas Windows, tal y como CVE-2007-3845. Tambi\u00e9n puede haber problemas separados pero estrechamente relacionados en las aplicaciones que son invocadas por los manejadores."}], "id": "CVE-2007-3896", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-10-11T00:17:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://blogs.zdnet.com/security/?p=577"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=119143780202107&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=119144449915918&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=119159924712561&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=119168062128026&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=119194714125580&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=119195904813505&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=full-disclosure&m=119159477404263&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=full-disclosure&m=119168727402084&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=full-disclosure&m=119170531020020&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=full-disclosure&m=119171444628628&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=full-disclosure&m=119175323322021&w=2"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=full-disclosure&m=119180333805950&w=2"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26201"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1018831"}, {"source": "secure@microsoft.com", "url": "http://www.heise-security.co.uk/news/96982"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/403150"}, {"source": "secure@microsoft.com", "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/25945"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1018822"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"}, {"source": "secure@microsoft.com", "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.zdnet.com/security/?p=577"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=119143780202107&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=119144449915918&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=119159924712561&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=119168062128026&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=119194714125580&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=119195904813505&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=119159477404263&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=119168727402084&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=119170531020020&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=119171444628628&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=119175323322021&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=119180333805950&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018831"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.heise-security.co.uk/news/96982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/403150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25945"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018822"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object