CVE-2007-3896

Published: Oct 11, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.

Affected (1)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

1 vulnerable · 9 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7.0

Running on/with	Platform Versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (80)

http://blogs.zdnet.com/security/?p=577

Source: secure@microsoft.com

http://marc.info/?l=bugtraq&m=119143780202107&w=2

Source: secure@microsoft.com

http://marc.info/?l=bugtraq&m=119144449915918&w=2

Source: secure@microsoft.com

http://marc.info/?l=bugtraq&m=119159924712561&w=2

Source: secure@microsoft.com

http://marc.info/?l=bugtraq&m=119168062128026&w=2

Source: secure@microsoft.com

http://marc.info/?l=bugtraq&m=119194714125580&w=2

Source: secure@microsoft.com

http://marc.info/?l=bugtraq&m=119195904813505&w=2

Source: secure@microsoft.com

http://marc.info/?l=full-disclosure&m=119159477404263&w=2

Source: secure@microsoft.com

http://marc.info/?l=full-disclosure&m=119168727402084&w=2

Source: secure@microsoft.com

http://marc.info/?l=full-disclosure&m=119170531020020&w=2

Source: secure@microsoft.com

http://marc.info/?l=full-disclosure&m=119171444628628&w=2

Source: secure@microsoft.com

http://marc.info/?l=full-disclosure&m=119175323322021&w=2

Source: secure@microsoft.com

http://marc.info/?l=full-disclosure&m=119180333805950&w=2

Source: secure@microsoft.com

http://secunia.com/advisories/26201

Source: secure@microsoft.com

Vendor Advisory

http://securitytracker.com/id?1018831

Source: secure@microsoft.com

http://www.heise-security.co.uk/news/96982

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/403150

Source: secure@microsoft.com

US Government Resource

http://www.microsoft.com/technet/security/advisory/943521.mspx

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481493/100/100/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481505/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481624/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481664/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481671/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481680/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481839/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481846/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481867/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481871/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481881/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/481887/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/482090/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/482292/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/482437/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/484186/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/25945

Source: secure@microsoft.com

http://www.securitytracker.com/id?1018822

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA07-317A.html

Source: secure@microsoft.com

US Government Resource

http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581

Source: secure@microsoft.com

http://blogs.zdnet.com/security/?p=577