CVE-2007-4042 - Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execut

CVE-2007-4042

Summary

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2003_server:*:sp2:datacenter_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:datacenter_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:enterprise_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:enterprise_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:standard_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:standard_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:web_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:web_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:home_edition:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:home_edition:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:9.0:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:9.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 23-07-2021 - 15:04)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc	http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
osvdb	46832

Last major update

23-07-2021 - 15:04

Published

27-07-2007 - 22:30

Last modified

23-07-2021 - 15:04