Vulnerability Description
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | All versions |
| Netscape | Navigator | 9.0 |
References
- http://secunia.com/advisories/26082Vendor Advisory
- http://sla.ckers.org/forum/read.php?3%2C13732%2C13739
- http://secunia.com/advisories/26082Vendor Advisory
- http://sla.ckers.org/forum/read.php?3%2C13732%2C13739
FAQ
What is CVE-2007-3924?
CVE-2007-3924 is a vulnerability with a CVSS score of 9.3 (HIGH). Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting...
How severe is CVE-2007-3924?
CVE-2007-3924 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3924?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Netscape Navigator.