CVE-2007-4042

Published: Jul 27, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

Affected (2)

Products: Microsoft: Internet Explorer · Netscape: Navigator

1 product

1 product

Configuration A

2 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7
Netscape Navigator	Version 9.0

Running on/with	Platform Versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

References (4)

http://osvdb.org/46832

Source: cve@mitre.org

http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

Source: cve@mitre.org

http://osvdb.org/46832

Source: af854a3a-2127-422b-91ae-364da2661108

http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.