CVE-2007-3670

Microsoft Internet Explorer and Mozilla Firefox - URI Handler Command Injection

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."

Una vulnerabilidad de inyección de argumentos en Microsoft Internet Explorer, cuando es ejecutado en sistemas con Firefox instalado y ciertos URIs registrados, permiten a atacantes remotos conducir ataques de tipo cross-browser scripting y ejecutar comandos arbitrarios por medio de metacaracteres de shell en un URI (1) FirefoxURL o (2) FirefoxHTML, que son insertadas en la línea de comandos que son creadas cuando se invoca el archivo firefox.exe. NOTA: se ha debatido si el problema está en Internet Explorer o Firefox. A partir de 20070711, la opinión de este CVE es que IE parece estar fallando en la delimitación apropiada del argumento de la URL al invocar a Firefox, y este problema podría surgir también con otros manejadores de protocolos en IE. Sin embargo, Mozilla ha declarado que abordará el problema con una "defense in depth" que "prevent IE from sending Firefox malicious data."

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-10 CVE Reserved
2007-07-10 CVE Published
2007-07-10 First Exploit
2024-08-07 CVE Updated
2024-10-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (40)

URL	Tag	Source
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt	X_refsource_confirm
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html	Mailing List
http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows	X_refsource_misc
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565	Third Party Advisory
http://larholm.com/2007/07/10/internet-explorer-0day-exploit	X_refsource_misc
http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx	X_refsource_misc
http://osvdb.org/38017	Vdb Entry
http://secunia.com/advisories/28179	Third Party Advisory
http://secunia.com/advisories/28363	Third Party Advisory
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html	X_refsource_confirm
http://www.kb.cert.org/vuls/id/358017	Third Party Advisory
http://www.mozilla.org/security/announce/2007/mfsa2007-23.html	X_refsource_confirm
http://www.mozilla.org/security/announce/2007/mfsa2007-40.html	X_refsource_confirm
http://www.securityfocus.com/archive/1/473276/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/24837	Vdb Entry
http://www.securitytracker.com/id?1018351	Vdb Entry
http://www.securitytracker.com/id?1018360	Vdb Entry
http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln	X_refsource_misc
http://www.us-cert.gov/cas/techalerts/TA07-199A.html	Third Party Advisory
http://www.virusbtn.com/news/virus_news/2007/07_11.xml	X_refsource_misc
http://www.vupen.com/english/advisories/2007/2473	Vdb Entry
http://www.vupen.com/english/advisories/2007/2565	Vdb Entry
http://www.vupen.com/english/advisories/2007/4272	Vdb Entry
http://www.vupen.com/english/advisories/2008/0082	Vdb Entry
http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/35346	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/30285	2007-07-10

URL	Date	SRC

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	2021-07-23
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579	2021-07-23
http://secunia.com/advisories/25984	2021-07-23
http://secunia.com/advisories/26096	2021-07-23
http://secunia.com/advisories/26149	2021-07-23
http://secunia.com/advisories/26204	2021-07-23
http://secunia.com/advisories/26216	2021-07-23
http://secunia.com/advisories/26258	2021-07-23
http://secunia.com/advisories/26271	2021-07-23
http://secunia.com/advisories/26572	2021-07-23
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152	2021-07-23
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html	2021-07-23
http://www.ubuntu.com/usn/usn-503-1	2021-07-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"		sp1		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"		beta1		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"		beta2		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"		beta3		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				*		-		Affected