cvelistv5 - cve-2007-3896

CVE-2007-3896 (GCVE-0-2007-3896)

Vulnerability from cvelistv5 – Published: 2007-10-11 00:00 – Updated: 2024-08-07 14:37

Summary

The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/archive/1/482437/100…	mailing-listx_refsource_BUGTRAQ
	http://marc.info/?l=full-disclosure&m=11915947740…	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/481871/100…	mailing-listx_refsource_BUGTRAQ
	http://www.heise-security.co.uk/news/96982	x_refsource_MISC
	http://www.securityfocus.com/archive/1/481680/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/481664/100…	mailing-listx_refsource_BUGTRAQ
	http://marc.info/?l=bugtraq&m=119159924712561&w=2	mailing-listx_refsource_BUGTRAQ
	http://blogs.zdnet.com/security/?p=577	x_refsource_MISC
	http://www.securityfocus.com/archive/1/481867/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/484186/100…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/26201	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=119168062128026&w=2	mailing-listx_refsource_BUGTRAQ
	http://marc.info/?l=full-disclosure&m=11917144462…	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/484186/100…	vendor-advisoryx_refsource_HP
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://xs-sniper.com/blog/remote-command-exec-fir…	x_refsource_MISC
	http://marc.info/?l=full-disclosure&m=11917532332…	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/481846/100…	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1018831	vdb-entryx_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=119194714125580&w=2	mailing-listx_refsource_BUGTRAQ
	http://marc.info/?l=full-disclosure&m=11916872740…	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/481881/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/481671/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/481839/100…	mailing-listx_refsource_BUGTRAQ
	http://www.us-cert.gov/cas/techalerts/TA07-317A.html	third-party-advisoryx_refsource_CERT
	http://marc.info/?l=full-disclosure&m=11918033380…	mailing-listx_refsource_FULLDISC
	http://www.microsoft.com/technet/security/advisor…	vendor-advisoryx_refsource_MSKB
	http://www.securityfocus.com/archive/1/481493/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/481624/100…	mailing-listx_refsource_BUGTRAQ
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/25945	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/481887/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/482292/100…	mailing-listx_refsource_BUGTRAQ
	http://www.kb.cert.org/vuls/id/403150	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/482090/100…	mailing-listx_refsource_BUGTRAQ
	http://marc.info/?l=bugtraq&m=119143780202107&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/481505/100…	mailing-listx_refsource_BUGTRAQ
	http://marc.info/?l=bugtraq&m=119195904813505&w=2	mailing-listx_refsource_BUGTRAQ
	http://marc.info/?l=full-disclosure&m=11917053102…	mailing-listx_refsource_FULLDISC
	http://marc.info/?l=bugtraq&m=119144449915918&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1018822	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:04.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"
          },
          {
            "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2"
          },
          {
            "name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.heise-security.co.uk/news/96982"
          },
          {
            "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"
          },
          {
            "name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"
          },
          {
            "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.zdnet.com/security/?p=577"
          },
          {
            "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"
          },
          {
            "name": "HPSBST02291",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
          },
          {
            "name": "26201",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26201"
          },
          {
            "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2"
          },
          {
            "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2"
          },
          {
            "name": "SSRT071498",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:4581",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
          },
          {
            "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2"
          },
          {
            "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"
          },
          {
            "name": "1018831",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018831"
          },
          {
            "name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2"
          },
          {
            "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2"
          },
          {
            "name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"
          },
          {
            "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"
          },
          {
            "name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"
          },
          {
            "name": "TA07-317A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"
          },
          {
            "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2"
          },
          {
            "name": "943521",
            "tags": [
              "vendor-advisory",
              "x_refsource_MSKB",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
          },
          {
            "name": "20071004 Re[2]: 0day: mIRC pwns Windows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"
          },
          {
            "name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"
          },
          {
            "name": "MS07-061",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"
          },
          {
            "name": "25945",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25945"
          },
          {
            "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"
          },
          {
            "name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"
          },
          {
            "name": "VU#403150",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/403150"
          },
          {
            "name": "20071011 M$ will fix URI?",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"
          },
          {
            "name": "20071003 0day: mIRC pwns Windows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2"
          },
          {
            "name": "20071004 Re: 0day: mIRC pwns Windows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"
          },
          {
            "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2"
          },
          {
            "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2"
          },
          {
            "name": "20071003 Re: 0day: mIRC pwns Windows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2"
          },
          {
            "name": "1018822",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018822"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"
        },
        {
          "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2"
        },
        {
          "name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.heise-security.co.uk/news/96982"
        },
        {
          "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"
        },
        {
          "name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"
        },
        {
          "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.zdnet.com/security/?p=577"
        },
        {
          "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"
        },
        {
          "name": "HPSBST02291",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
        },
        {
          "name": "26201",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26201"
        },
        {
          "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2"
        },
        {
          "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2"
        },
        {
          "name": "SSRT071498",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:4581",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
        },
        {
          "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2"
        },
        {
          "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"
        },
        {
          "name": "1018831",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018831"
        },
        {
          "name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2"
        },
        {
          "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2"
        },
        {
          "name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"
        },
        {
          "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"
        },
        {
          "name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"
        },
        {
          "name": "TA07-317A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"
        },
        {
          "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2"
        },
        {
          "name": "943521",
          "tags": [
            "vendor-advisory",
            "x_refsource_MSKB"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
        },
        {
          "name": "20071004 Re[2]: 0day: mIRC pwns Windows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"
        },
        {
          "name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"
        },
        {
          "name": "MS07-061",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"
        },
        {
          "name": "25945",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25945"
        },
        {
          "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"
        },
        {
          "name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"
        },
        {
          "name": "VU#403150",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/403150"
        },
        {
          "name": "20071011 M$ will fix URI?",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"
        },
        {
          "name": "20071003 0day: mIRC pwns Windows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2"
        },
        {
          "name": "20071004 Re: 0day: mIRC pwns Windows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"
        },
        {
          "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2"
        },
        {
          "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2"
        },
        {
          "name": "20071003 Re: 0day: mIRC pwns Windows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2"
        },
        {
          "name": "1018822",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018822"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-3896",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"
            },
            {
              "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2"
            },
            {
              "name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"
            },
            {
              "name": "http://www.heise-security.co.uk/news/96982",
              "refsource": "MISC",
              "url": "http://www.heise-security.co.uk/news/96982"
            },
            {
              "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"
            },
            {
              "name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"
            },
            {
              "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2"
            },
            {
              "name": "http://blogs.zdnet.com/security/?p=577",
              "refsource": "MISC",
              "url": "http://blogs.zdnet.com/security/?p=577"
            },
            {
              "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"
            },
            {
              "name": "HPSBST02291",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
            },
            {
              "name": "26201",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26201"
            },
            {
              "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2"
            },
            {
              "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2"
            },
            {
              "name": "SSRT071498",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:4581",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"
            },
            {
              "name": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/",
              "refsource": "MISC",
              "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
            },
            {
              "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2"
            },
            {
              "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"
            },
            {
              "name": "1018831",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018831"
            },
            {
              "name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2"
            },
            {
              "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2"
            },
            {
              "name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"
            },
            {
              "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"
            },
            {
              "name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"
            },
            {
              "name": "TA07-317A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"
            },
            {
              "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2"
            },
            {
              "name": "943521",
              "refsource": "MSKB",
              "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
            },
            {
              "name": "20071004 Re[2]: 0day: mIRC pwns Windows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"
            },
            {
              "name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"
            },
            {
              "name": "MS07-061",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"
            },
            {
              "name": "25945",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25945"
            },
            {
              "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"
            },
            {
              "name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"
            },
            {
              "name": "VU#403150",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/403150"
            },
            {
              "name": "20071011 M$ will fix URI?",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"
            },
            {
              "name": "20071003 0day: mIRC pwns Windows",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2"
            },
            {
              "name": "20071004 Re: 0day: mIRC pwns Windows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"
            },
            {
              "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2"
            },
            {
              "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2"
            },
            {
              "name": "20071003 Re: 0day: mIRC pwns Windows",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2"
            },
            {
              "name": "1018822",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018822"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-3896",
    "datePublished": "2007-10-11T00:00:00",
    "dateReserved": "2007-07-19T00:00:00",
    "dateUpdated": "2024-08-07T14:37:04.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"580632FB-7EB8-4DC6-A372-742D4523BF79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"CD264C73-360E-414D-BE22-192F92E5A0A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE8F4276-4D97-480D-A542-FE9982FFD765\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2978BF86-5A1A-438E-B81F-F360D0E30C9C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"F7EFB032-47F4-4497-B16B-CB9126EAC9DF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"6881476D-81A2-4DFD-AC77-82A8D08A0568\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"ACF75FC8-095A-4EEA-9A41-C27CFF3953FB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"57ECAAA8-8709-4AC7-9CE7-49A8040C04D3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \\\"%\\\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.\"}, {\"lang\": \"es\", \"value\": \"El manejo de URL en la biblioteca Shell32.dll en el shell de Windows en Microsoft Windows XP y Server 2003, con Internet Explorer versi\\u00f3n 7 instalado, permite a atacantes remotos ejecutar programas arbitrarios por medio de secuencias \\\"%\\\" no v\\u00e1lidas en un mailto: u otro manejador URI, como es demostrado usando mIRC, Outlook, Firefox, Adobe Reader, Skype y otras aplicaciones. NOTA: este problema podr\\u00eda estar relacionado con otros problemas relacionados con los controladores de URL en sistemas Windows, tal y como CVE-2007-3845. Tambi\\u00e9n puede haber problemas separados pero estrechamente relacionados en las aplicaciones que son invocadas por los manejadores.\"}]",
      "id": "CVE-2007-3896",
      "lastModified": "2024-11-21T00:34:19.447",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-10-11T00:17:00.000",
      "references": "[{\"url\": \"http://blogs.zdnet.com/security/?p=577\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/26201\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018831\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.heise-security.co.uk/news/96982\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/403150\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/943521.mspx\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481493/100/100/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481505/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481624/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481664/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481671/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481680/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481839/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481846/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481867/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481871/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481881/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481887/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/482090/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/482292/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/482437/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484186/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484186/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/25945\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1018822\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-317A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://xs-sniper.com/blog/remote-command-exec-firefox-2005/\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://blogs.zdnet.com/security/?p=577\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26201\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018831\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.heise-security.co.uk/news/96982\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/403150\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/943521.mspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481493/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481505/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481624/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481664/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481671/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481680/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481839/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481846/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481867/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481871/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481881/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481887/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/482090/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/482292/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/482437/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484186/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484186/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25945\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018822\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-317A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://xs-sniper.com/blog/remote-command-exec-firefox-2005/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3896\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-10-11T00:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \\\"%\\\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.\"},{\"lang\":\"es\",\"value\":\"El manejo de URL en la biblioteca Shell32.dll en el shell de Windows en Microsoft Windows XP y Server 2003, con Internet Explorer versi\u00f3n 7 instalado, permite a atacantes remotos ejecutar programas arbitrarios por medio de secuencias \\\"%\\\" no v\u00e1lidas en un mailto: u otro manejador URI, como es demostrado usando mIRC, Outlook, Firefox, Adobe Reader, Skype y otras aplicaciones. NOTA: este problema podr\u00eda estar relacionado con otros problemas relacionados con los controladores de URL en sistemas Windows, tal y como CVE-2007-3845. Tambi\u00e9n puede haber problemas separados pero estrechamente relacionados en las aplicaciones que son invocadas por los manejadores.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"580632FB-7EB8-4DC6-A372-742D4523BF79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"CD264C73-360E-414D-BE22-192F92E5A0A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE8F4276-4D97-480D-A542-FE9982FFD765\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2978BF86-5A1A-438E-B81F-F360D0E30C9C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"F7EFB032-47F4-4497-B16B-CB9126EAC9DF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"6881476D-81A2-4DFD-AC77-82A8D08A0568\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"ACF75FC8-095A-4EEA-9A41-C27CFF3953FB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"57ECAAA8-8709-4AC7-9CE7-49A8040C04D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]}],\"references\":[{\"url\":\"http://blogs.zdnet.com/security/?p=577\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/26201\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018831\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.heise-security.co.uk/news/96982\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/403150\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/943521.mspx\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481493/100/100/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481505/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481624/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481664/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481671/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481680/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481839/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481846/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481867/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481871/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481881/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/481887/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/482090/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/482292/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/482437/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/484186/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/484186/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/25945\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1018822\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-317A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://xs-sniper.com/blog/remote-command-exec-firefox-2005/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blogs.zdnet.com/security/?p=577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018831\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.heise-security.co.uk/news/96982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/403150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/943521.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481493/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481505/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481624/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481664/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481671/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481680/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481839/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481846/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481867/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481871/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481881/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481887/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/482090/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/482292/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/482437/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/484186/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/484186/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25945\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018822\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-317A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://xs-sniper.com/blog/remote-command-exec-firefox-2005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-ALE-015

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans la gestion des URI dans Windows permet l'exécution de commandes arbitraires à distance.

Description

Une vulnérabilité dans le traitement des URI dans Windows permet l'exécution de commandes à distance. La présence d'Internet Explorer 7 (IE7) est nécessaire pour l'exploitation de cette vulnérabilité, car la gestion des URI est liée à ce programme. Cette alerte est une extension de l'alerte CERTA-2007-ALE-013, plusieurs applications étant concernées par cette vulnérabilité. Plus précisément, les chaînes de caractères passées en argument de certaines URI ne sont contrôlées ni par IE7 qui en assure le traitement, ni par un certain nombre d'applications (comme Acrobat Reader, Miranda, etc.) qui appellent la fonction vulnérable de Windows.

Il n'existe pour le moment aucun contournement provisoire pour ce problème qui n'ait de conséquences lourdes pour le fonctionnement du système et des applications. Il est toutefois possible que des éditeurs proposent des correctifs ou des contournements pour leur application, comme ce fut le cas pour Mozilla Firefox (voir alerte CERTA-2007-ALE-013) ou Adobe Reader (voir Documentation).

Mise à jour du 11 octobre 2007 :

Microsoft vient de publier l'avis de sécurité 943521 confirmant le problème.

Mise à jour du 24 octobre 2007 :

Adobe publie un correctif pour la version 8.1 des produits vulnérables.

Mise à jour du 14 novembre 2007 :

Microsoft publie un correctif décrit dans son bulletin MS07-061. Ce dernier est présenté dans l'avis CERTA-2007-AVI-489.

Contournements provisoires

Les contournements ne sont pas simples, comme il a été mentionné dans la section ci-dessus. Néanmoins, quelques mesures peuvent être entreprises pour limiter les risques :

des règles de filtrage concernant des liens suspects peuvent être mises en place au niveau des passerelles Web ou de messagerie qui inspectent le contenu. Par exemple, le champ mailto: ne doit pas être a priori suivi d'une chaîne de caractère contenant ../.. ou %, mais d'une adresse électronique valide. Des règles peuvent également être précisées pour les champs de type : http:, etc. De manière générale, tout type de liens qui n'est pas attendu ou explicitement autorisé doit être filtré.
les fichiers aux formats PDF peuvent être convertis dans d'autres formats (HTML, PS, TXT) ;
des clés de registre peuvent être modifiées au niveau des postes clients pour l'interprétation des champs protocolaires. Cette solution a été abordée dans une alerte publiée par Adobe. Elle est cependant assez radicale, et peut provoquer plusieurs dysfonctionnements.

Solution

Appliquer les correctifs décrits dans le bulletin de sécurité MS07-061 de Microsoft publié le 13 novembre 2007.

Windows XP SP 2 avec Internet Explorer 7 installé ;
Windows 2003 Server SP2 avec Internet Explorer 7 installé.

D'autres versions de Windows peuvent être affectées, le principal prérequis étant la présence d'Internet Explorer 7.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe ASPB07-18 du 22 octobre 2007 :	-	other
Bulletin de sécurité Microsoft MS07-061 du 13 novembre 2007 :	-	other
Bulletin de sécurité Microsoft MS07-061 du 13 novembre 2007 :	-	other
Avis CERTA-2007-AVI-489 du 14 novembre 2007 :	-	other
Commentaires de Microsoft aux développeurs concernant la gestion des manipulateurs de protocoles :	-	other
Document du CERTA CERTA-2007-AVI-455 du 24 octobre 2007 :	-	other
Avis de sécurité Microsoft 943521 du 10 octobre 2007 :	-	other
Alerte CERTA-2007-ALE-013 du 31 juillet 2007 :	-	other
Bulletin de sécurité Adobe du 05 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eWindows XP SP 2 avec \u003cSPAN class=\"textit\"\u003eInternet Explorer    7\u003c/SPAN\u003e install\u00e9 ;\u003c/LI\u003e    \u003cLI\u003eWindows 2003 Server SP2 avec \u003cSPAN class=\"textit\"\u003eInternet    Explorer 7\u003c/SPAN\u003e install\u00e9.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eD\u0027autres versions de Windows peuvent \u00eatre affect\u00e9es, le  principal pr\u00e9requis \u00e9tant la pr\u00e9sence d\u0027\u003cSPAN class=\n  \"textit\"\u003eInternet Explorer 7\u003c/SPAN\u003e.\u003c/P\u003e",
  "closed_at": "2007-11-14",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement des URI dans Windows permet\nl\u0027ex\u00e9cution de commandes \u00e0 distance. La pr\u00e9sence d\u0027Internet Explorer 7\n(IE7) est n\u00e9cessaire pour l\u0027exploitation de cette vuln\u00e9rabilit\u00e9, car la\ngestion des URI est li\u00e9e \u00e0 ce programme. Cette alerte est une extension\nde l\u0027alerte CERTA-2007-ALE-013, plusieurs applications \u00e9tant concern\u00e9es\npar cette vuln\u00e9rabilit\u00e9. Plus pr\u00e9cis\u00e9ment, les cha\u00eenes de caract\u00e8res\npass\u00e9es en argument de certaines URI ne sont contr\u00f4l\u00e9es ni par IE7 qui\nen assure le traitement, ni par un certain nombre d\u0027applications (comme\nAcrobat Reader, Miranda, etc.) qui appellent la fonction vuln\u00e9rable de\nWindows.\n\nIl n\u0027existe pour le moment aucun contournement provisoire pour ce\nprobl\u00e8me qui n\u0027ait de cons\u00e9quences lourdes pour le fonctionnement du\nsyst\u00e8me et des applications. Il est toutefois possible que des \u00e9diteurs\nproposent des correctifs ou des contournements pour leur application,\ncomme ce fut le cas pour Mozilla Firefox (voir alerte\nCERTA-2007-ALE-013) ou Adobe Reader (voir Documentation).\n\nMise \u00e0 jour du 11 octobre 2007 :\n\nMicrosoft vient de publier l\u0027avis de s\u00e9curit\u00e9 943521 confirmant le\nprobl\u00e8me.\n\nMise \u00e0 jour du 24 octobre 2007 :\n\nAdobe publie un correctif pour la version 8.1 des produits vuln\u00e9rables.\n\nMise \u00e0 jour du 14 novembre 2007 :\n\nMicrosoft publie un correctif d\u00e9crit dans son bulletin MS07-061. Ce\ndernier est pr\u00e9sent\u00e9 dans l\u0027avis CERTA-2007-AVI-489.\n\n## Contournements provisoires\n\nLes contournements ne sont pas simples, comme il a \u00e9t\u00e9 mentionn\u00e9 dans la\nsection ci-dessus. N\u00e9anmoins, quelques mesures peuvent \u00eatre entreprises\npour limiter les risques :\n\n-   des r\u00e8gles de filtrage concernant des liens suspects peuvent \u00eatre\n    mises en place au niveau des passerelles Web ou de messagerie qui\n    inspectent le contenu. Par exemple, le champ mailto: ne doit pas\n    \u00eatre a priori suivi d\u0027une cha\u00eene de caract\u00e8re contenant ../.. ou %,\n    mais d\u0027une adresse \u00e9lectronique valide. Des r\u00e8gles peuvent \u00e9galement\n    \u00eatre pr\u00e9cis\u00e9es pour les champs de type : http:, etc. De mani\u00e8re\n    g\u00e9n\u00e9rale, tout type de liens qui n\u0027est pas attendu ou explicitement\n    autoris\u00e9 doit \u00eatre filtr\u00e9.\n-   les fichiers aux formats PDF peuvent \u00eatre convertis dans d\u0027autres\n    formats (HTML, PS, TXT) ;\n-   des cl\u00e9s de registre peuvent \u00eatre modifi\u00e9es au niveau des postes\n    clients pour l\u0027interpr\u00e9tation des champs protocolaires. Cette\n    solution a \u00e9t\u00e9 abord\u00e9e dans une alerte publi\u00e9e par Adobe. Elle est\n    cependant assez radicale, et peut provoquer plusieurs\n    dysfonctionnements.\n\n## Solution\n\nAppliquer les correctifs d\u00e9crits dans le bulletin de s\u00e9curit\u00e9 MS07-061\nde Microsoft publi\u00e9 le 13 novembre 2007.\n",
  "cves": [
    {
      "name": "CVE-2007-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3896"
    },
    {
      "name": "CVE-2007-5020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5020"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe ASPB07-18 du 22 octobre 2007 :",
      "url": "http://www.adobe.com/support/security/bulletins/ASPB07-18.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-061 du 13 novembre 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-061 du 13 novembre 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS07-061.mspx"
    },
    {
      "title": "Avis CERTA-2007-AVI-489 du 14 novembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-489/"
    },
    {
      "title": "Commentaires de Microsoft aux d\u00e9veloppeurs concernant la    gestion des manipulateurs de protocoles :",
      "url": "http://blogs.msdn.com/ie/archive/2007/07/18/enriching-the-web-safely-how-to-create-application-protocol-handlers.aspx"
    },
    {
      "title": "Document du CERTA CERTA-2007-AVI-455 du 24 octobre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-455/index.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 943521 du 10 octobre 2007 :",
      "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
    },
    {
      "title": "Alerte CERTA-2007-ALE-013 du 31 juillet 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ALE-013/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 05 octobre 2007 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa07-04.html"
    }
  ],
  "reference": "CERTA-2007-ALE-015",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-10T00:00:00.000000"
    },
    {
      "description": "ajout de l\u0027avis 943521 de Microsoft et de la r\u00e9f\u00e9rence CVE associ\u00e9e.",
      "revision_date": "2007-10-11T00:00:00.000000"
    },
    {
      "description": "ajout de l\u0027avis ASPB07-18 d\u0027Adobe et de la r\u00e9f\u00e9rence CVE associ\u00e9e.",
      "revision_date": "2007-10-24T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin MS07-061 de Microsoft.",
      "revision_date": "2007-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la gestion des URI dans Windows permet\nl\u0027ex\u00e9cution de commandes arbitraires \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le traitement des URI sous Windows",
  "vendor_advisories": []
}

CERTA-2007-ALE-015

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans la gestion des URI dans Windows permet l'exécution de commandes arbitraires à distance.

Description

Mise à jour du 11 octobre 2007 :

Microsoft vient de publier l'avis de sécurité 943521 confirmant le problème.

Mise à jour du 24 octobre 2007 :

Adobe publie un correctif pour la version 8.1 des produits vulnérables.

Mise à jour du 14 novembre 2007 :

Microsoft publie un correctif décrit dans son bulletin MS07-061. Ce dernier est présenté dans l'avis CERTA-2007-AVI-489.

Contournements provisoires

Les contournements ne sont pas simples, comme il a été mentionné dans la section ci-dessus. Néanmoins, quelques mesures peuvent être entreprises pour limiter les risques :

des règles de filtrage concernant des liens suspects peuvent être mises en place au niveau des passerelles Web ou de messagerie qui inspectent le contenu. Par exemple, le champ mailto: ne doit pas être a priori suivi d'une chaîne de caractère contenant ../.. ou %, mais d'une adresse électronique valide. Des règles peuvent également être précisées pour les champs de type : http:, etc. De manière générale, tout type de liens qui n'est pas attendu ou explicitement autorisé doit être filtré.
les fichiers aux formats PDF peuvent être convertis dans d'autres formats (HTML, PS, TXT) ;
des clés de registre peuvent être modifiées au niveau des postes clients pour l'interprétation des champs protocolaires. Cette solution a été abordée dans une alerte publiée par Adobe. Elle est cependant assez radicale, et peut provoquer plusieurs dysfonctionnements.

Solution

Appliquer les correctifs décrits dans le bulletin de sécurité MS07-061 de Microsoft publié le 13 novembre 2007.

Windows XP SP 2 avec Internet Explorer 7 installé ;
Windows 2003 Server SP2 avec Internet Explorer 7 installé.

D'autres versions de Windows peuvent être affectées, le principal prérequis étant la présence d'Internet Explorer 7.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe ASPB07-18 du 22 octobre 2007 :	-	other
Bulletin de sécurité Microsoft MS07-061 du 13 novembre 2007 :	-	other
Bulletin de sécurité Microsoft MS07-061 du 13 novembre 2007 :	-	other
Avis CERTA-2007-AVI-489 du 14 novembre 2007 :	-	other
Commentaires de Microsoft aux développeurs concernant la gestion des manipulateurs de protocoles :	-	other
Document du CERTA CERTA-2007-AVI-455 du 24 octobre 2007 :	-	other
Avis de sécurité Microsoft 943521 du 10 octobre 2007 :	-	other
Alerte CERTA-2007-ALE-013 du 31 juillet 2007 :	-	other
Bulletin de sécurité Adobe du 05 octobre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eWindows XP SP 2 avec \u003cSPAN class=\"textit\"\u003eInternet Explorer    7\u003c/SPAN\u003e install\u00e9 ;\u003c/LI\u003e    \u003cLI\u003eWindows 2003 Server SP2 avec \u003cSPAN class=\"textit\"\u003eInternet    Explorer 7\u003c/SPAN\u003e install\u00e9.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eD\u0027autres versions de Windows peuvent \u00eatre affect\u00e9es, le  principal pr\u00e9requis \u00e9tant la pr\u00e9sence d\u0027\u003cSPAN class=\n  \"textit\"\u003eInternet Explorer 7\u003c/SPAN\u003e.\u003c/P\u003e",
  "closed_at": "2007-11-14",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement des URI dans Windows permet\nl\u0027ex\u00e9cution de commandes \u00e0 distance. La pr\u00e9sence d\u0027Internet Explorer 7\n(IE7) est n\u00e9cessaire pour l\u0027exploitation de cette vuln\u00e9rabilit\u00e9, car la\ngestion des URI est li\u00e9e \u00e0 ce programme. Cette alerte est une extension\nde l\u0027alerte CERTA-2007-ALE-013, plusieurs applications \u00e9tant concern\u00e9es\npar cette vuln\u00e9rabilit\u00e9. Plus pr\u00e9cis\u00e9ment, les cha\u00eenes de caract\u00e8res\npass\u00e9es en argument de certaines URI ne sont contr\u00f4l\u00e9es ni par IE7 qui\nen assure le traitement, ni par un certain nombre d\u0027applications (comme\nAcrobat Reader, Miranda, etc.) qui appellent la fonction vuln\u00e9rable de\nWindows.\n\nIl n\u0027existe pour le moment aucun contournement provisoire pour ce\nprobl\u00e8me qui n\u0027ait de cons\u00e9quences lourdes pour le fonctionnement du\nsyst\u00e8me et des applications. Il est toutefois possible que des \u00e9diteurs\nproposent des correctifs ou des contournements pour leur application,\ncomme ce fut le cas pour Mozilla Firefox (voir alerte\nCERTA-2007-ALE-013) ou Adobe Reader (voir Documentation).\n\nMise \u00e0 jour du 11 octobre 2007 :\n\nMicrosoft vient de publier l\u0027avis de s\u00e9curit\u00e9 943521 confirmant le\nprobl\u00e8me.\n\nMise \u00e0 jour du 24 octobre 2007 :\n\nAdobe publie un correctif pour la version 8.1 des produits vuln\u00e9rables.\n\nMise \u00e0 jour du 14 novembre 2007 :\n\nMicrosoft publie un correctif d\u00e9crit dans son bulletin MS07-061. Ce\ndernier est pr\u00e9sent\u00e9 dans l\u0027avis CERTA-2007-AVI-489.\n\n## Contournements provisoires\n\nLes contournements ne sont pas simples, comme il a \u00e9t\u00e9 mentionn\u00e9 dans la\nsection ci-dessus. N\u00e9anmoins, quelques mesures peuvent \u00eatre entreprises\npour limiter les risques :\n\n-   des r\u00e8gles de filtrage concernant des liens suspects peuvent \u00eatre\n    mises en place au niveau des passerelles Web ou de messagerie qui\n    inspectent le contenu. Par exemple, le champ mailto: ne doit pas\n    \u00eatre a priori suivi d\u0027une cha\u00eene de caract\u00e8re contenant ../.. ou %,\n    mais d\u0027une adresse \u00e9lectronique valide. Des r\u00e8gles peuvent \u00e9galement\n    \u00eatre pr\u00e9cis\u00e9es pour les champs de type : http:, etc. De mani\u00e8re\n    g\u00e9n\u00e9rale, tout type de liens qui n\u0027est pas attendu ou explicitement\n    autoris\u00e9 doit \u00eatre filtr\u00e9.\n-   les fichiers aux formats PDF peuvent \u00eatre convertis dans d\u0027autres\n    formats (HTML, PS, TXT) ;\n-   des cl\u00e9s de registre peuvent \u00eatre modifi\u00e9es au niveau des postes\n    clients pour l\u0027interpr\u00e9tation des champs protocolaires. Cette\n    solution a \u00e9t\u00e9 abord\u00e9e dans une alerte publi\u00e9e par Adobe. Elle est\n    cependant assez radicale, et peut provoquer plusieurs\n    dysfonctionnements.\n\n## Solution\n\nAppliquer les correctifs d\u00e9crits dans le bulletin de s\u00e9curit\u00e9 MS07-061\nde Microsoft publi\u00e9 le 13 novembre 2007.\n",
  "cves": [
    {
      "name": "CVE-2007-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3896"
    },
    {
      "name": "CVE-2007-5020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5020"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe ASPB07-18 du 22 octobre 2007 :",
      "url": "http://www.adobe.com/support/security/bulletins/ASPB07-18.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-061 du 13 novembre 2007    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-061 du 13 novembre 2007    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS07-061.mspx"
    },
    {
      "title": "Avis CERTA-2007-AVI-489 du 14 novembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-489/"
    },
    {
      "title": "Commentaires de Microsoft aux d\u00e9veloppeurs concernant la    gestion des manipulateurs de protocoles :",
      "url": "http://blogs.msdn.com/ie/archive/2007/07/18/enriching-the-web-safely-how-to-create-application-protocol-handlers.aspx"
    },
    {
      "title": "Document du CERTA CERTA-2007-AVI-455 du 24 octobre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-455/index.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 943521 du 10 octobre 2007 :",
      "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
    },
    {
      "title": "Alerte CERTA-2007-ALE-013 du 31 juillet 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ALE-013/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 05 octobre 2007 :",
      "url": "http://www.adobe.com/support/security/advisories/apsa07-04.html"
    }
  ],
  "reference": "CERTA-2007-ALE-015",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-10-10T00:00:00.000000"
    },
    {
      "description": "ajout de l\u0027avis 943521 de Microsoft et de la r\u00e9f\u00e9rence CVE associ\u00e9e.",
      "revision_date": "2007-10-11T00:00:00.000000"
    },
    {
      "description": "ajout de l\u0027avis ASPB07-18 d\u0027Adobe et de la r\u00e9f\u00e9rence CVE associ\u00e9e.",
      "revision_date": "2007-10-24T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin MS07-061 de Microsoft.",
      "revision_date": "2007-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans la gestion des URI dans Windows permet\nl\u0027ex\u00e9cution de commandes arbitraires \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le traitement des URI sous Windows",
  "vendor_advisories": []
}

CERTA-2007-AVI-489

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité liée à la gestion des URI dans Windows permet l'exécution de commandes arbitraires à distance.

Description

Une vulnérabilité liée à la gestion des URI (Uniform Resource Identifier) dans Windows permet l'exécution de commandes arbitraires à distance. La présence d'Internet Explorer 7 (IE7) est nécessaire pour l'exploitation de cette vulnérabilité.

Celle-ci a fait l'objet de l'alerte CERTA-2007-ALE-015 publiée par le CERTA le 10 octobre 2007. Microsoft avait par ailleurs signalé le problème dans l'avis de sécurité 943521 le 11 octobre.

Solution

Se référer au bulletin de sécurité MS07-061 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Windows XP Service Pack 2 ;
Windows XP Professional x64 Edition ;
Windows XP Professional x64 Edition Service Pack 2 ;
Windows Server 2003 Service Pack 1 ;
Windows Server 2003 Service Pack 2 ;
Windows Server 2003 x64 Edition ;
Windows Server 2003 x64 Edition Service Pack 2 ;
Windows Server 2003 avec SP1 et SP2 pour systèmes Itanium.

Microsoft Windows 2000 Service Pack 4 et Microsoft Vista ne sont pas affectés.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-061 du 13 novembre 2007	None	vendor-advisory
Alerte CERTA-2007-ALE-015 du 10 octobre 2007, « Vulnérabilité dans le traitement des URI sous Windows » :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eWindows XP Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows XP Professional x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eWindows XP Professional x64 Edition Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 Service Pack 1 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 x64 Edition Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 avec SP1 et SP2 pour syst\u00e8mes    Itanium.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eMicrosoft Windows 2000 Service Pack 4 et Microsoft Vista ne  sont pas affect\u00e9s.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 li\u00e9e \u00e0 la gestion des URI (Uniform Resource\nIdentifier) dans Windows permet l\u0027ex\u00e9cution de commandes arbitraires \u00e0\ndistance. La pr\u00e9sence d\u0027Internet Explorer 7 (IE7) est n\u00e9cessaire pour\nl\u0027exploitation de cette vuln\u00e9rabilit\u00e9.\n\nCelle-ci a fait l\u0027objet de l\u0027alerte CERTA-2007-ALE-015 publi\u00e9e par le\nCERTA le 10 octobre 2007. Microsoft avait par ailleurs signal\u00e9 le\nprobl\u00e8me dans l\u0027avis de s\u00e9curit\u00e9 943521 le 11 octobre.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-061 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3896"
    }
  ],
  "links": [
    {
      "title": "Alerte CERTA-2007-ALE-015 du 10 octobre 2007, \u00ab    Vuln\u00e9rabilit\u00e9 dans le traitement des URI sous Windows \u00bb :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ALE-015/"
    }
  ],
  "reference": "CERTA-2007-AVI-489",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 li\u00e9e \u00e0 la gestion des URI dans Windows permet\nl\u0027ex\u00e9cution de commandes arbitraires \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le traitement des URI sous Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-061 du 13 novembre 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx"
    }
  ]
}

CERTA-2007-AVI-489

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité liée à la gestion des URI dans Windows permet l'exécution de commandes arbitraires à distance.

Description

Celle-ci a fait l'objet de l'alerte CERTA-2007-ALE-015 publiée par le CERTA le 10 octobre 2007. Microsoft avait par ailleurs signalé le problème dans l'avis de sécurité 943521 le 11 octobre.

Solution

Se référer au bulletin de sécurité MS07-061 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Windows XP Service Pack 2 ;
Windows XP Professional x64 Edition ;
Windows XP Professional x64 Edition Service Pack 2 ;
Windows Server 2003 Service Pack 1 ;
Windows Server 2003 Service Pack 2 ;
Windows Server 2003 x64 Edition ;
Windows Server 2003 x64 Edition Service Pack 2 ;
Windows Server 2003 avec SP1 et SP2 pour systèmes Itanium.

Microsoft Windows 2000 Service Pack 4 et Microsoft Vista ne sont pas affectés.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-061 du 13 novembre 2007	None	vendor-advisory
Alerte CERTA-2007-ALE-015 du 10 octobre 2007, « Vulnérabilité dans le traitement des URI sous Windows » :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eWindows XP Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows XP Professional x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eWindows XP Professional x64 Edition Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 Service Pack 1 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 x64 Edition Service Pack 2 ;\u003c/LI\u003e    \u003cLI\u003eWindows Server 2003 avec SP1 et SP2 pour syst\u00e8mes    Itanium.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eMicrosoft Windows 2000 Service Pack 4 et Microsoft Vista ne  sont pas affect\u00e9s.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 li\u00e9e \u00e0 la gestion des URI (Uniform Resource\nIdentifier) dans Windows permet l\u0027ex\u00e9cution de commandes arbitraires \u00e0\ndistance. La pr\u00e9sence d\u0027Internet Explorer 7 (IE7) est n\u00e9cessaire pour\nl\u0027exploitation de cette vuln\u00e9rabilit\u00e9.\n\nCelle-ci a fait l\u0027objet de l\u0027alerte CERTA-2007-ALE-015 publi\u00e9e par le\nCERTA le 10 octobre 2007. Microsoft avait par ailleurs signal\u00e9 le\nprobl\u00e8me dans l\u0027avis de s\u00e9curit\u00e9 943521 le 11 octobre.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-061 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3896"
    }
  ],
  "links": [
    {
      "title": "Alerte CERTA-2007-ALE-015 du 10 octobre 2007, \u00ab    Vuln\u00e9rabilit\u00e9 dans le traitement des URI sous Windows \u00bb :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ALE-015/"
    }
  ],
  "reference": "CERTA-2007-AVI-489",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 li\u00e9e \u00e0 la gestion des URI dans Windows permet\nl\u0027ex\u00e9cution de commandes arbitraires \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le traitement des URI sous Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-061 du 13 novembre 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx"
    }
  ]
}

GSD-2007-3896

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3896

Aliases

CVE-2007-3896

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3896",
    "description": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.",
    "id": "GSD-2007-3896"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3896"
      ],
      "details": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.",
      "id": "GSD-2007-3896",
      "modified": "2023-12-13T01:21:41.922768Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-3896",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"
          },
          {
            "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2"
          },
          {
            "name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"
          },
          {
            "name": "http://www.heise-security.co.uk/news/96982",
            "refsource": "MISC",
            "url": "http://www.heise-security.co.uk/news/96982"
          },
          {
            "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"
          },
          {
            "name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"
          },
          {
            "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2"
          },
          {
            "name": "http://blogs.zdnet.com/security/?p=577",
            "refsource": "MISC",
            "url": "http://blogs.zdnet.com/security/?p=577"
          },
          {
            "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"
          },
          {
            "name": "HPSBST02291",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
          },
          {
            "name": "26201",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26201"
          },
          {
            "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2"
          },
          {
            "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2"
          },
          {
            "name": "SSRT071498",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:4581",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"
          },
          {
            "name": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/",
            "refsource": "MISC",
            "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
          },
          {
            "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2"
          },
          {
            "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"
          },
          {
            "name": "1018831",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018831"
          },
          {
            "name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2"
          },
          {
            "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2"
          },
          {
            "name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"
          },
          {
            "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"
          },
          {
            "name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"
          },
          {
            "name": "TA07-317A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"
          },
          {
            "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2"
          },
          {
            "name": "943521",
            "refsource": "MSKB",
            "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
          },
          {
            "name": "20071004 Re[2]: 0day: mIRC pwns Windows",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"
          },
          {
            "name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"
          },
          {
            "name": "MS07-061",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"
          },
          {
            "name": "25945",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25945"
          },
          {
            "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"
          },
          {
            "name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"
          },
          {
            "name": "VU#403150",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/403150"
          },
          {
            "name": "20071011 M$ will fix URI?",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"
          },
          {
            "name": "20071003 0day: mIRC pwns Windows",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2"
          },
          {
            "name": "20071004 Re: 0day: mIRC pwns Windows",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"
          },
          {
            "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2"
          },
          {
            "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2"
          },
          {
            "name": "20071003 Re: 0day: mIRC pwns Windows",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2"
          },
          {
            "name": "1018822",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018822"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-3896"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.zdnet.com/security/?p=577",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.zdnet.com/security/?p=577"
            },
            {
              "name": "http://www.heise-security.co.uk/news/96982",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.heise-security.co.uk/news/96982"
            },
            {
              "name": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
            },
            {
              "name": "20071003 0day: mIRC pwns Windows",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2"
            },
            {
              "name": "20071003 Re: 0day: mIRC pwns Windows",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2"
            },
            {
              "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2"
            },
            {
              "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2"
            },
            {
              "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2"
            },
            {
              "name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2"
            },
            {
              "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2"
            },
            {
              "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2"
            },
            {
              "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2"
            },
            {
              "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2"
            },
            {
              "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2"
            },
            {
              "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2"
            },
            {
              "name": "943521",
              "refsource": "MSKB",
              "tags": [],
              "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
            },
            {
              "name": "VU#403150",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/403150"
            },
            {
              "name": "26201",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26201"
            },
            {
              "name": "TA07-317A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"
            },
            {
              "name": "25945",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25945"
            },
            {
              "name": "1018822",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018822"
            },
            {
              "name": "1018831",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1018831"
            },
            {
              "name": "oval:org.mitre.oval:def:4581",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"
            },
            {
              "name": "MS07-061",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"
            },
            {
              "name": "HPSBST02291",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
            },
            {
              "name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"
            },
            {
              "name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"
            },
            {
              "name": "20071011 M$ will fix URI?",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"
            },
            {
              "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"
            },
            {
              "name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"
            },
            {
              "name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"
            },
            {
              "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"
            },
            {
              "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"
            },
            {
              "name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"
            },
            {
              "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"
            },
            {
              "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"
            },
            {
              "name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"
            },
            {
              "name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"
            },
            {
              "name": "20071004 Re: 0day: mIRC pwns Windows",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"
            },
            {
              "name": "20071004 Re[2]: 0day: mIRC pwns Windows",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-07-23T15:05Z",
      "publishedDate": "2007-10-11T00:17Z"
    }
  }
}

GHSA-WMHG-7FM8-R4VP

Vulnerability from github – Published: 2022-05-01 18:18 – Updated: 2025-04-09 03:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3896"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-11T00:17:00Z",
    "severity": "HIGH"
  },
  "details": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.",
  "id": "GHSA-wmhg-7fm8-r4vp",
  "modified": "2025-04-09T03:47:09Z",
  "published": "2022-05-01T18:18:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3896"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"
    },
    {
      "type": "WEB",
      "url": "http://blogs.zdnet.com/security/?p=577"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26201"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018831"
    },
    {
      "type": "WEB",
      "url": "http://www.heise-security.co.uk/news/96982"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/403150"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25945"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018822"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"
    },
    {
      "type": "WEB",
      "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-3896

Vulnerability from fkie_nvd - Published: 2007-10-11 00:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://blogs.zdnet.com/security/?p=577
secure@microsoft.com	http://marc.info/?l=bugtraq&m=119143780202107&w=2
secure@microsoft.com	http://marc.info/?l=bugtraq&m=119144449915918&w=2
secure@microsoft.com	http://marc.info/?l=bugtraq&m=119159924712561&w=2
secure@microsoft.com	http://marc.info/?l=bugtraq&m=119168062128026&w=2
secure@microsoft.com	http://marc.info/?l=bugtraq&m=119194714125580&w=2
secure@microsoft.com	http://marc.info/?l=bugtraq&m=119195904813505&w=2
secure@microsoft.com	http://marc.info/?l=full-disclosure&m=119159477404263&w=2
secure@microsoft.com	http://marc.info/?l=full-disclosure&m=119168727402084&w=2
secure@microsoft.com	http://marc.info/?l=full-disclosure&m=119170531020020&w=2
secure@microsoft.com	http://marc.info/?l=full-disclosure&m=119171444628628&w=2
secure@microsoft.com	http://marc.info/?l=full-disclosure&m=119175323322021&w=2
secure@microsoft.com	http://marc.info/?l=full-disclosure&m=119180333805950&w=2
secure@microsoft.com	http://secunia.com/advisories/26201	Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1018831
secure@microsoft.com	http://www.heise-security.co.uk/news/96982
secure@microsoft.com	http://www.kb.cert.org/vuls/id/403150	US Government Resource
secure@microsoft.com	http://www.microsoft.com/technet/security/advisory/943521.mspx
secure@microsoft.com	http://www.securityfocus.com/archive/1/481493/100/100/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481505/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481624/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481664/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481671/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481680/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481839/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481846/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481867/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481871/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481881/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/481887/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/482090/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/482292/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/482437/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/484186/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/25945
secure@microsoft.com	http://www.securitytracker.com/id?1018822
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-317A.html	US Government Resource
secure@microsoft.com	http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581
af854a3a-2127-422b-91ae-364da2661108	http://blogs.zdnet.com/security/?p=577
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=119143780202107&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=119144449915918&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=119159924712561&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=119168062128026&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=119194714125580&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=119195904813505&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=119159477404263&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=119168727402084&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=119170531020020&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=119171444628628&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=119175323322021&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=119180333805950&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26201	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018831
af854a3a-2127-422b-91ae-364da2661108	http://www.heise-security.co.uk/news/96982
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/403150	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/943521.mspx
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481493/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481505/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481624/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481664/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481671/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481680/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481839/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481846/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481867/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481871/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481881/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481887/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/482090/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/482292/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/482437/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484186/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25945
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018822
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-317A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581

Impacted products

Vendor	Product	Version
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	internet_explorer	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "580632FB-7EB8-4DC6-A372-742D4523BF79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "ACF75FC8-095A-4EEA-9A41-C27CFF3953FB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."
    },
    {
      "lang": "es",
      "value": "El manejo de URL en la biblioteca Shell32.dll en el shell de Windows en Microsoft Windows XP y Server 2003, con Internet Explorer versi\u00f3n 7 instalado, permite a atacantes remotos ejecutar programas arbitrarios por medio de secuencias \"%\" no v\u00e1lidas en un mailto: u otro manejador URI, como es demostrado usando mIRC, Outlook, Firefox, Adobe Reader, Skype y otras aplicaciones. NOTA: este problema podr\u00eda estar relacionado con otros problemas relacionados con los controladores de URL en sistemas Windows, tal y como CVE-2007-3845. Tambi\u00e9n puede haber problemas separados pero estrechamente relacionados en las aplicaciones que son invocadas por los manejadores."
    }
  ],
  "id": "CVE-2007-3896",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-10-11T00:17:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.zdnet.com/security/?p=577"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26201"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1018831"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.heise-security.co.uk/news/96982"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/403150"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/25945"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1018822"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.zdnet.com/security/?p=577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=119143780202107\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=119144449915918\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=119159924712561\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=119168062128026\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=119194714125580\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=119195904813505\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119159477404263\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119168727402084\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119170531020020\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119171444628628\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119175323322021\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=119180333805950\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.heise-security.co.uk/news/96982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/403150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3896 (GCVE-0-2007-3896)

CERTA-2007-ALE-015

Description

Contournements provisoires

Solution

CERTA-2007-ALE-015

Description

Contournements provisoires

Solution

CERTA-2007-AVI-489

Description

Solution

CERTA-2007-AVI-489

Description

Solution

GSD-2007-3896

GHSA-WMHG-7FM8-R4VP

FKIE_CVE-2007-3896

Tags

Sightings

Nomenclature