CVE-2007-3896

Published: Oct 11, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

HPSBST02291 (vendor-advisory, x_refsource_HP)
26201 (third-party-advisory, x_refsource_SECUNIA)
SSRT071498 (vendor-advisory, x_refsource_HP)
oval:org.mitre.oval:def:4581 (vdb-entry, signature, x_refsource_OVAL)
1018831 (vdb-entry, x_refsource_SECTRACK)
TA07-317A (third-party-advisory, x_refsource_CERT)
943521 (vendor-advisory, x_refsource_MSKB)
20071004 Re[2]: 0day: mIRC pwns Windows (mailing-list, x_refsource_BUGTRAQ)
MS07-061 (vendor-advisory, x_refsource_MS)
25945 (vdb-entry, x_refsource_BID)
VU#403150 (third-party-advisory, x_refsource_CERT-VN)
20071011 M$ will fix URI? (mailing-list, x_refsource_BUGTRAQ)
20071003 0day: mIRC pwns Windows (mailing-list, x_refsource_BUGTRAQ)
20071004 Re: 0day: mIRC pwns Windows (mailing-list, x_refsource_BUGTRAQ)
20071003 Re: 0day: mIRC pwns Windows (mailing-list, x_refsource_BUGTRAQ)
1018822 (vdb-entry, x_refsource_SECTRACK)
