CVE-2007-3924

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/26082	Vendor Advisory
http://sla.ckers.org/forum/read.php?3%2C13732%2C13739

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer::::::::
	cpe:2.3:a:netscape:navigator:9.0:beta2::::::

History

07 Nov 2023, 02:00

Type	Values Removed	Values Added
References	~~{'url': 'http://sla.ckers.org/forum/read.php?3,13732,13739', 'name': 'http://sla.ckers.org/forum/read.php?3,13732,13739', 'tags': [], 'refsource': 'MISC'}~~	() http://sla.ckers.org/forum/read.php?3%2C13732%2C13739 -

23 Jul 2021, 15:12

Type	Values Removed	Values Added
CPE	cpe:2.3:a:microsoft:ie::::::::	cpe:2.3:a:microsoft:internet_explorer::::::::

Information

Published : 2007-07-21 00:30

Updated : 2023-12-10 10:40

NVD link : CVE-2007-3924

Mitre link : CVE-2007-3924

CVE.ORG link : CVE-2007-3924

JSON object : View

Products Affected

microsoft

internet_explorer

netscape

navigator

CWE

NVD-CWE-Other

{"id": "CVE-2007-3924", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-07-21T00:30:00.000", "references": [{"url": "http://secunia.com/advisories/26082", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de argumento en Microsoft Internet Explorer, cuando se ejecuta en sistemas con Netscape instalado y determinadas URIs registradas, permite a atacantes remotos conducir ataques de secuencia de comandos en cruce de navegadores y ejecutar comandos de su elecci\u00f3n mediante metacaracteres de consola en un argumento -chrome en la URI navigatorurl, que son insertados en la l\u00ednea de comandos que se crea cuando se invoca netscape.exe, un asunto similar en CVE-2007-3670.\r\nNOTA: Se ha debatido si este asunto se produce en Explorer \u00f3 Netscape. En la fecha 20070713, la opini\u00f3n de CVE es que IE parece no delimitar apropiadamente el argumento del URL cuando se invoca Netscape; este asunto podr\u00eda aparecer con otros gestores de protocolos en IE.\r\n"}], "lastModified": "2023-11-07T02:00:56.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0"}, {"criteria": "cpe:2.3:a:netscape:navigator:9.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25A764C3-EA07-4125-8456-554E1D12155F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}