CVE-2007-4041

Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:microsoft:windows_2003_server:*:sp2:datacenter_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:enterprise_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:standard_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:web_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:home_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_edition:*:*:*:*:*
OR cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*

History

21 Nov 2024, 00:34

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/783400 - US Government Resource () http://www.kb.cert.org/vuls/id/783400 - US Government Resource
References () http://www.securityfocus.com/bid/25053 - () http://www.securityfocus.com/bid/25053 -
References () http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/ - () http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/ -
References () http://xs-sniper.com/blog/remote-command-exec-firefox-2005/ - () http://xs-sniper.com/blog/remote-command-exec-firefox-2005/ -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=389106 - () https://bugzilla.mozilla.org/show_bug.cgi?id=389106 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=389580 - () https://bugzilla.mozilla.org/show_bug.cgi?id=389580 -

Information

Published : 2007-07-27 22:30

Updated : 2024-11-21 00:34


NVD link : CVE-2007-4041

Mitre link : CVE-2007-4041

CVE.ORG link : CVE-2007-4041


JSON object : View

Products Affected

microsoft

  • internet_explorer
  • windows_2003_server
  • windows_xp

mozilla

  • firefox
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')