Argument Injection Vulnerability in Microsoft Outlook and Outlook Express
CVE-2007-4040

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Outlook Express; Outlook
Vendor: CVE Published:; 27 July 2007

Summary

The vulnerability present in Microsoft Outlook and Outlook Express allows remote attackers to exploit registered URIs to inject shell metacharacters. When invoked, these characters can manipulate the command line used by the email clients, potentially resulting in unauthorized code execution or cross-browser scripting attacks. This issue underscores the importance of secure handling of URIs and command line inputs in application processes.

References

http://larholm.com/2007/07/25/mozilla-protocol-abuse/

x_refsource_MISC

http://seclists.org/fulldisclosure/2007/Jul/0557.html

mailing-listx_refsource_FULLDISC

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 27, 2007