Vulnerability Description
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | All versions |
| Mozilla | Seamonkey | All versions |
Related Weaknesses (CWE)
References
- http://larholm.com/2007/07/23/seamonkey-suite-affected-by-url-vulnerability/
- http://www.securityfocus.com/bid/25021
- http://larholm.com/2007/07/23/seamonkey-suite-affected-by-url-vulnerability/
- http://www.securityfocus.com/bid/25021
FAQ
What is CVE-2007-3954?
CVE-2007-3954 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scriptin...
How severe is CVE-2007-3954?
CVE-2007-3954 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3954?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Mozilla Seamonkey.