CVE-2007-3670

MEDIUM

Description

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."

References

ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html

http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565

http://larholm.com/2007/07/10/internet-explorer-0day-exploit/

http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx

http://osvdb.org/38017

http://secunia.com/advisories/25984

http://secunia.com/advisories/26096

http://secunia.com/advisories/26149

http://secunia.com/advisories/26204

http://secunia.com/advisories/26216

http://secunia.com/advisories/26258

http://secunia.com/advisories/26271

http://secunia.com/advisories/26572

http://secunia.com/advisories/28179

http://secunia.com/advisories/28363

http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html

http://www.kb.cert.org/vuls/id/358017

http://www.mandriva.com/security/advisories?name=MDKSA-2007:152

http://www.mozilla.org/security/announce/2007/mfsa2007-23.html

http://www.mozilla.org/security/announce/2007/mfsa2007-40.html

http://www.novell.com/linux/security/advisories/2007_49_mozilla.html

http://www.securityfocus.com/archive/1/473276/100/0/threaded

http://www.securityfocus.com/bid/24837

http://www.securitytracker.com/id?1018351

http://www.securitytracker.com/id?1018360

http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/

http://www.ubuntu.com/usn/usn-503-1

http://www.us-cert.gov/cas/techalerts/TA07-199A.html

http://www.virusbtn.com/news/virus_news/2007/07_11.xml

http://www.vupen.com/english/advisories/2007/2473

http://www.vupen.com/english/advisories/2007/2565

http://www.vupen.com/english/advisories/2007/4272

http://www.vupen.com/english/advisories/2008/0082

http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/35346

Details

Source: MITRE

Published: 2007-07-10

Updated: 2018-10-15

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM