CVE-2007-3924
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
Vulnerabilidad de inyección de argumento en Microsoft Internet Explorer, cuando se ejecuta en sistemas con Netscape instalado y determinadas URIs registradas, permite a atacantes remotos conducir ataques de secuencia de comandos en cruce de navegadores y ejecutar comandos de su elección mediante metacaracteres de consola en un argumento -chrome en la URI navigatorurl, que son insertados en la línea de comandos que se crea cuando se invoca netscape.exe, un asunto similar en CVE-2007-3670.
NOTA: Se ha debatido si este asunto se produce en Explorer ó Netscape. En la fecha 20070713, la opinión de CVE es que IE parece no delimitar apropiadamente el argumento del URL cuando se invoca Netscape; este asunto podría aparecer con otros gestores de protocolos en IE.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-07-20 CVE Reserved
- 2007-07-21 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://sla.ckers.org/forum/read.php?3%2C13732%2C13739 | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/26082 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | * | - |
Affected
| ||||||
Netscape Search vendor "Netscape" | Navigator Search vendor "Netscape" for product "Navigator" | 9.0 Search vendor "Netscape" for product "Navigator" and version "9.0" | beta2 |
Affected
|