CVE-2007-4040

Currently unrated

Key Information:

Vendor: Microsoft
Status: Outlook Express; Outlook
Vendor: CVE Published:; 27 July 2007

Summary

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.

References

http://larholm.com/2007/07/25/mozilla-protocol-abuse/

x_refsource_MISC

http://seclists.org/fulldisclosure/2007/Jul/0557.html

mailing-listx_refsource_FULLDISC

EPSS Score

0% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 27, 2007

Collectors

NVD DatabaseMitre Database