CVE-2007-3924 (GCVE-0-2007-3924)

Vulnerability from cvelistv5 – Published: 2007-07-21 00:00 – Updated: 2024-09-17 00:55
VLAI?
Summary
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://sla.ckers.org/forum/read.php?3%2C13732%2C13739 x_refsource_MISC
http://secunia.com/advisories/26082 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:05.453Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739"
          },
          {
            "name": "26082",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.  NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-07-21T00:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739"
        },
        {
          "name": "26082",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26082"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3924",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.  NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sla.ckers.org/forum/read.php?3,13732,13739",
              "refsource": "MISC",
              "url": "http://sla.ckers.org/forum/read.php?3,13732,13739"
            },
            {
              "name": "26082",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26082"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3924",
    "datePublished": "2007-07-21T00:00:00Z",
    "dateReserved": "2007-07-20T00:00:00Z",
    "dateUpdated": "2024-09-17T00:55:56.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8682FAF3-98E3-485C-89CB-C0358C4E2AB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netscape:navigator:9.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"25A764C3-EA07-4125-8456-554E1D12155F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.  NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n de argumento en Microsoft Internet Explorer, cuando se ejecuta en sistemas con Netscape instalado y determinadas URIs registradas, permite a atacantes remotos conducir ataques de secuencia de comandos en cruce de navegadores y ejecutar comandos de su elecci\\u00f3n mediante metacaracteres de consola en un argumento -chrome en la URI navigatorurl, que son insertados en la l\\u00ednea de comandos que se crea cuando se invoca netscape.exe, un asunto similar en CVE-2007-3670.\\r\\nNOTA: Se ha debatido si este asunto se produce en Explorer \\u00f3 Netscape. En la fecha 20070713, la opini\\u00f3n de CVE es que IE parece no delimitar apropiadamente el argumento del URL cuando se invoca Netscape; este asunto podr\\u00eda aparecer con otros gestores de protocolos en IE.\\r\\n\"}]",
      "id": "CVE-2007-3924",
      "lastModified": "2024-11-21T00:34:23.037",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-07-21T00:30:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/26082\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://sla.ckers.org/forum/read.php?3%2C13732%2C13739\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26082\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://sla.ckers.org/forum/read.php?3%2C13732%2C13739\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3924\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-21T00:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.  NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n de argumento en Microsoft Internet Explorer, cuando se ejecuta en sistemas con Netscape instalado y determinadas URIs registradas, permite a atacantes remotos conducir ataques de secuencia de comandos en cruce de navegadores y ejecutar comandos de su elecci\u00f3n mediante metacaracteres de consola en un argumento -chrome en la URI navigatorurl, que son insertados en la l\u00ednea de comandos que se crea cuando se invoca netscape.exe, un asunto similar en CVE-2007-3670.\\r\\nNOTA: Se ha debatido si este asunto se produce en Explorer \u00f3 Netscape. En la fecha 20070713, la opini\u00f3n de CVE es que IE parece no delimitar apropiadamente el argumento del URL cuando se invoca Netscape; este asunto podr\u00eda aparecer con otros gestores de protocolos en IE.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8682FAF3-98E3-485C-89CB-C0358C4E2AB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netscape:navigator:9.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"25A764C3-EA07-4125-8456-554E1D12155F\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/26082\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sla.ckers.org/forum/read.php?3%2C13732%2C13739\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sla.ckers.org/forum/read.php?3%2C13732%2C13739\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.