CVE-2007-4041

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Firefox
Vendor: CVE Published:; 27 July 2007

Summary

Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

References

http://xs-sniper.com/blog/2007/07/24/remote-command-execu...

x_refsource_MISC

http://www.securityfocus.com/bid/25053

vdb-entryx_refsource_BID

http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

x_refsource_MISC

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 27, 2007
Vulnerability Reserved
Jul 27, 2007

Collectors

NVD DatabaseMitre Database