Windows URI Handling VulnerabilityID: oval:org.mitre.oval:def:4581 | Date: (C)2007-11-15 (M)2022-03-21 |
Class: VULNERABILITY | Family: windows |
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "\\\%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
Platform: |
Microsoft Windows XP |
Microsoft Windows Server 2003 |