Executive Summary

Summary
Title URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
Informations
Name KB943521 First vendor Publication 2007-10-10
Vendor Microsoft Last vendor Modification 2007-11-13
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-061 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-061. The vulnerability addressed is the Windows URI Handling Vulnerability - CVE-2007-3896.

Acknowledgments:

Microsoft thanks the following for working with us to help protect customers:

Carsten H. Eiram of Secunia for working with us and reporting the vulnerability in URI handling.

Aviv Raff of finjan for working with us and reporting the vulnerability in URI handling.

Petko Petkov of gnucitizen for working with us and reporting the vulnerability in URI handling.


Original Source

Url : http://www.microsoft.com/technet/security/advisory/943521.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:4581
 
Oval ID: oval:org.mitre.oval:def:4581
Title: Windows URI Handling Vulnerability
Description: The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
Family: windows Class: vulnerability
Reference(s): CVE-2007-3896
Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

SAINT Exploits

Description Link
Windows IE7 URI Handler command execution through Firefox More info here

Open Source Vulnerability Database (OSVDB)

Id Description
41090 Microsoft Windows w/ IE7 Shell32.dll Crafted URL Third-party Application Arbi...

Information Assurance Vulnerability Management (IAVM)

Date Description
2007-11-15 IAVM : 2007-A-0053 - Windows URI Handling Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0015397

Snort® IPS/IDS

Date Description
2018-01-17 Microsoft Windows ShellExecute and IE7 url handling code execution attempt
RuleID : 45175 - Revision : 1 - Type : OS-WINDOWS
2015-01-20 Multiple product mailto uri handling code execution attempt
RuleID : 32871 - Revision : 2 - Type : OS-WINDOWS
2015-01-20 Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt
RuleID : 32870 - Revision : 2 - Type : OS-WINDOWS
2015-01-20 Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt
RuleID : 32869 - Revision : 2 - Type : OS-WINDOWS
2014-01-10 Multiple product mailto uri handling code execution attempt
RuleID : 18173 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Multiple product mailto uri handling code execution attempt
RuleID : 18172 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Multiple product mailto uri handling code execution attempt
RuleID : 18171 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt
RuleID : 17468 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt
RuleID : 17467 - Revision : 9 - Type : OS-WINDOWS
2014-01-10 Multiple product snews uri handling code execution attempt
RuleID : 15684 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 Multiple product mailto uri handling code execution attempt
RuleID : 13272 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 Multiple product telnet uri handling code execution attempt
RuleID : 13271 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 Multiple product news uri handling code execution attempt
RuleID : 13270 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 Multiple product nntp uri handling code execution attempt
RuleID : 13269 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows ShellExecute and IE7 url handling code execution attempt
RuleID : 12688 - Revision : 16 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows ShellExecute and IE7 url handling code execution attempt
RuleID : 12687 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows ShellExecute and Internet Explorer 7 url handling code exec...
RuleID : 12664 - Revision : 9 - Type : BROWSER-IE
2014-01-10 Microsoft Windows URI External handler arbitrary command attempt
RuleID : 12643 - Revision : 9 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2007-11-13 Name : Vulnerabilities in the Windows Shell may allow a user to elevate his privileges.
File : smb_nt_ms07-061.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2015-01-20 21:25:01
  • Multiple Updates
2014-01-19 21:29:41
  • Multiple Updates
2013-05-11 12:20:23
  • Multiple Updates