CVE-2007-4041

Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:microsoft:windows_2003_server:*:sp2:datacenter_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:enterprise_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:standard_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:web_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:home_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_edition:*:*:*:*:*
OR cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*

History

No history.

Information

Published : 2007-07-27 22:30

Updated : 2024-02-28 11:01


NVD link : CVE-2007-4041

Mitre link : CVE-2007-4041

CVE.ORG link : CVE-2007-4041


JSON object : View

Products Affected

microsoft

  • windows_xp
  • internet_explorer
  • windows_2003_server

mozilla

  • firefox
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')