Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-3896

Disclosure Date: October 11, 2007 •

Description

The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid “%” sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

microsoft

Products

internet explorer 7.0

References

Canonical

CVE-2007-3896 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3896)

BID-25945 (http://www.securityfocus.com/bid/25945)

Advisory

20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW (http://www.securityfocus.com/archive/1/482437/100/0/threaded)

20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=full-disclosure&m=119159477404263&w=2)

20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://www.securityfocus.com/archive/1/481871/100/0/threaded)

20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype (http://www.securityfocus.com/archive/1/481680/100/0/threaded)

20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://www.securityfocus.com/archive/1/481664/100/0/threaded)

20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=bugtraq&m=119159924712561&w=2)

20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype (http://www.securityfocus.com/archive/1/481867/100/0/threaded)

HPSBST02291 (http://www.securityfocus.com/archive/1/484186/100/0/threaded)

SECUNIA-26201 (http://secunia.com/advisories/26201)

20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=bugtraq&m=119168062128026&w=2)

20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=full-disclosure&m=119171444628628&w=2)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581

20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=full-disclosure&m=119175323322021&w=2)

20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype (http://www.securityfocus.com/archive/1/481846/100/0/threaded)

SECTRACK-1018831 (http://securitytracker.com/id?1018831)

20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=bugtraq&m=119194714125580&w=2)

20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=full-disclosure&m=119168727402084&w=2)

20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype (http://www.securityfocus.com/archive/1/481881/100/0/threaded)

20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://www.securityfocus.com/archive/1/481671/100/0/threaded)

20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://www.securityfocus.com/archive/1/481839/100/0/threaded)

TA07-317A (http://www.us-cert.gov/cas/techalerts/TA07-317A.html)

20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=full-disclosure&m=119180333805950&w=2)

20071004 Re[2]: 0day: mIRC pwns Windows (http://www.securityfocus.com/archive/1/481493/100/100/threaded)

20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://www.securityfocus.com/archive/1/481624/100/0/threaded)

MS07-061 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061)

20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://www.securityfocus.com/archive/1/481887/100/0/threaded)

20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available (http://www.securityfocus.com/archive/1/482292/100/0/threaded)

VU#403150 (http://www.kb.cert.org/vuls/id/403150)

20071011 M$ will fix URI? (http://www.securityfocus.com/archive/1/482090/100/0/threaded)

20071003 0day: mIRC pwns Windows (http://marc.info?l=bugtraq&m=119143780202107&w=2)

20071004 Re: 0day: mIRC pwns Windows (http://www.securityfocus.com/archive/1/481505/100/0/threaded)

20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=bugtraq&m=119195904813505&w=2)

20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (http://marc.info?l=full-disclosure&m=119170531020020&w=2)

20071003 Re: 0day: mIRC pwns Windows (http://marc.info?l=bugtraq&m=119144449915918&w=2)

SECTRACK-1018822 (http://www.securitytracker.com/id?1018822)

Miscellaneous

http://www.heise-security.co.uk/news/96982

http://blogs.zdnet.com/security?p=577

http://xs-sniper.com/blog/remote-command-exec-firefox-2005

943521 (http://www.microsoft.com/technet/security/advisory/943521.mspx)

Rapid7

Technical Analysis