Command Injection Vulnerability in Netscape Navigator 9
CVE-2007-4042

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Navigator
Vendor: CVE Published:; 27 July 2007

Summary

Netscape Navigator 9 contains multiple argument injection vulnerabilities that can be exploited by remote attackers. By injecting a NULL byte (%00) and utilizing shell metacharacters within specific URI types such as mailto, nntp, news, snews, or telnet, an attacker can execute arbitrary commands on vulnerable systems. This vulnerability poses significant risks, enabling unauthorized command execution and potential system compromise.

References

http://xs-sniper.com/blog/remote-command-exec-firefox-2005/

x_refsource_MISC

http://osvdb.org/46832

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jul 27, 2007
Vulnerability Reserved
Jul 27, 2007