CVE-2007-3896

Description

The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.

Category

9.3
CVSS
Severity: Critical
CVSS 2.0 •
EPSS 81.99% Top 5%
Vendor Advisory securityfocus.com Vendor Advisory microsoft.com Vendor Advisory microsoft.com Vendor Advisory secunia.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://www.securityfocus.com/archive/1/482437/100/0/threaded mailing list
http://marc.info/?l=full-disclosure&m=119159477404263&w=2 mailing list
http://www.securityfocus.com/archive/1/481871/100/0/threaded mailing list
http://www.heise-security.co.uk/news/96982
http://www.securityfocus.com/archive/1/481680/100/0/threaded mailing list
http://www.securityfocus.com/archive/1/481664/100/0/threaded mailing list
http://marc.info/?l=bugtraq&m=119159924712561&w=2 mailing list
http://blogs.zdnet.com/security/?p=577
http://www.securityfocus.com/archive/1/481867/100/0/threaded mailing list
http://www.securityfocus.com/archive/1/484186/100/0/threaded vendor advisory
http://secunia.com/advisories/26201 third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=119168062128026&w=2 mailing list
http://marc.info/?l=full-disclosure&m=119171444628628&w=2 mailing list
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581 vdb entry signature
http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
http://marc.info/?l=full-disclosure&m=119175323322021&w=2 mailing list
http://www.securityfocus.com/archive/1/481846/100/0/threaded mailing list
http://securitytracker.com/id?1018831 vdb entry
http://marc.info/?l=bugtraq&m=119194714125580&w=2 mailing list
http://marc.info/?l=full-disclosure&m=119168727402084&w=2 mailing list
http://www.securityfocus.com/archive/1/481881/100/0/threaded mailing list
http://www.securityfocus.com/archive/1/481671/100/0/threaded mailing list
http://www.securityfocus.com/archive/1/481839/100/0/threaded mailing list
http://www.us-cert.gov/cas/techalerts/TA07-317A.html third party advisory us government resource
http://marc.info/?l=full-disclosure&m=119180333805950&w=2 mailing list
http://www.microsoft.com/technet/security/advisory/943521.mspx vendor advisory
http://www.securityfocus.com/archive/1/481493/100/100/threaded mailing list
http://www.securityfocus.com/archive/1/481624/100/0/threaded mailing list
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061 vendor advisory
http://www.securityfocus.com/bid/25945 vdb entry
http://www.securityfocus.com/archive/1/481887/100/0/threaded mailing list
http://www.securityfocus.com/archive/1/482292/100/0/threaded mailing list
http://www.kb.cert.org/vuls/id/403150 third party advisory us government resource
http://www.securityfocus.com/archive/1/482090/100/0/threaded mailing list
http://marc.info/?l=bugtraq&m=119143780202107&w=2 mailing list
http://www.securityfocus.com/archive/1/481505/100/0/threaded mailing list
http://marc.info/?l=bugtraq&m=119195904813505&w=2 mailing list
http://marc.info/?l=full-disclosure&m=119170531020020&w=2 mailing list
http://marc.info/?l=bugtraq&m=119144449915918&w=2 mailing list
http://www.securitytracker.com/id?1018822 vdb entry

Frequently Asked Questions

What is the severity of CVE-2007-3896?
CVE-2007-3896 has been scored as a critical severity vulnerability.
How to fix CVE-2007-3896?
To fix CVE-2007-3896, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2007-3896 being actively exploited in the wild?
It is possible that CVE-2007-3896 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~82% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.