MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

High Nessus Plugin ID 28183


Vulnerabilities in the Windows Shell may allow a user to elevate his privileges.


The remote version of Windows contains a version of the Windows Shell that contains a vulnerability in the way it handles URI.

An attacker might use this flaw to execute arbitrary commands on the remote host using attack vectors such as IE or other tools.


Microsoft has released a set of patches for Windows XP and 2003.

See Also

Plugin Details

Severity: High

ID: 28183

File Name: smb_nt_ms07-061.nasl

Version: $Revision: 1.35 $

Type: local

Agent: windows

Published: 2007/11/13

Modified: 2017/08/10

Dependencies: 13855, 57033

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/11/13

Vulnerability Publication Date: 2007/07/25

Exploitable With


Reference Information

CVE: CVE-2007-3896

BID: 25945

OSVDB: 41090

MSFT: MS07-061

MSKB: 943460

CERT: 403150

EDB-ID: 30645

CWE: 20