National Cyber Awareness System

Vulnerability Summary for CVE-2007-3896

Overview

The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA07-317A

Name: TA07-317A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA07-317A.html

US-CERT Vulnerability Note: VU#403150

Name: VU#403150

Hyperlink:http://www.kb.cert.org/vuls/id/403150

External Source: MISC

Name: http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

Hyperlink:http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

External Source: SECTRACK

Name: 1018822

Hyperlink:http://www.securitytracker.com/id?1018822

External Source: BID

Name: 25945

Hyperlink:http://www.securityfocus.com/bid/25945

External Source: HP

Name: SSRT071498

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/484186/100/0/threaded

External Source: HP

Name: HPSBST02291

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/484186/100/0/threaded

External Source: BUGTRAQ

Name: 20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/482437/100/0/threaded

External Source: BUGTRAQ

Name: 20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/482292/100/0/threaded

External Source: BUGTRAQ

Name: 20071011 M$ will fix URI?

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/482090/100/0/threaded

External Source: BUGTRAQ

Name: 20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481887/100/0/threaded

External Source: BUGTRAQ

Name: 20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481881/100/0/threaded

External Source: BUGTRAQ

Name: 20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481871/100/0/threaded

External Source: BUGTRAQ

Name: 20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481867/100/0/threaded

External Source: BUGTRAQ

Name: 20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481846/100/0/threaded

External Source: BUGTRAQ

Name: 20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481839/100/0/threaded

External Source: BUGTRAQ

Name: 20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481680/100/0/threaded

External Source: BUGTRAQ

Name: 20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481671/100/0/threaded

External Source: BUGTRAQ

Name: 20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481664/100/0/threaded

External Source: BUGTRAQ

Name: 20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481624/100/0/threaded

External Source: BUGTRAQ

Name: 20071004 Re: 0day: mIRC pwns Windows

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481505/100/0/threaded

External Source: BUGTRAQ

Name: 20071004 Re[2]: 0day: mIRC pwns Windows

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/481493/100/100/threaded

External Source: MS

Name: MS07-061

Hyperlink:http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx

External Source: MSKB

Name: 943521

Hyperlink:http://www.microsoft.com/technet/security/advisory/943521.mspx

External Source: MISC

Name: http://www.heise-security.co.uk/news/96982

Hyperlink:http://www.heise-security.co.uk/news/96982

External Source: SECTRACK

Name: 1018831

Hyperlink:http://securitytracker.com/id?1018831

External Source: SECUNIA

Name: 26201

Type: Advisory

Hyperlink:http://secunia.com/advisories/26201

External Source: FULLDISC

Name: 20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=full-disclosure&m=119180333805950&w=2

External Source: FULLDISC

Name: 20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=full-disclosure&m=119175323322021&w=2

External Source: FULLDISC

Name: 20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=full-disclosure&m=119171444628628&w=2

External Source: FULLDISC

Name: 20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=full-disclosure&m=119170531020020&w=2

External Source: FULLDISC

Name: 20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=full-disclosure&m=119168727402084&w=2

External Source: FULLDISC

Name: 20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=full-disclosure&m=119159477404263&w=2

External Source: BUGTRAQ

Name: 20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=bugtraq&m=119195904813505&w=2

External Source: BUGTRAQ

Name: 20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=bugtraq&m=119194714125580&w=2

External Source: BUGTRAQ

Name: 20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=bugtraq&m=119168062128026&w=2

External Source: BUGTRAQ

Name: 20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

Hyperlink:http://marc.info/?l=bugtraq&m=119159924712561&w=2

External Source: BUGTRAQ

Name: 20071003 Re: 0day: mIRC pwns Windows

Hyperlink:http://marc.info/?l=bugtraq&m=119144449915918&w=2

External Source: BUGTRAQ

Name: 20071003 0day: mIRC pwns Windows

Hyperlink:http://marc.info/?l=bugtraq&m=119143780202107&w=2

External Source: MISC

Name: http://blogs.zdnet.com/security/?p=577

Hyperlink:http://blogs.zdnet.com/security/?p=577

US Government Resource: oval:org.mitre.oval:def:4581

Name: oval:org.mitre.oval:def:4581

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4581

References to Check Content

Identifier:oval:org.mitre.oval:def:4581

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:4581