Vulnerability in N/a
CVE-2007-3896
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI han…
EPSS: 0.836 (99.3th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW (mailing-list, x_refsource_BUGTRAQ)
- 20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (mailing-list, x_refsource_FULLDISC)
- 20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (mailing-list, x_refsource_BUGTRAQ)
- www.heise-security.co.uk/news/96982 (x_refsource_MISC)
- 20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype (mailing-list, x_refsource_BUGTRAQ)
- 20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (mailing-list, x_refsource_BUGTRAQ)
- 20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype (mailing-list, x_refsource_BUGTRAQ)
- blogs.zdnet.com/security/ (x_refsource_MISC)
- 20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype (mailing-list, x_refsource_BUGTRAQ)
- HPSBST02291 (x_refsource_HP, vendor-advisory)