fkie_cve-2007-1658
Vulnerability from fkie_nvd
Published
2007-03-24 19:19
Modified
2025-04-09 00:30
Severity ?
Summary
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.htmlExploit
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html
cve@mitre.orghttp://isc.sans.org/diary.html?storyid=2507
cve@mitre.orghttp://news.com.com/2100-1002_3-6170133.html
cve@mitre.orghttp://secunia.com/advisories/25639
cve@mitre.orghttp://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194
cve@mitre.orghttp://www.securityfocus.com/archive/1/471947/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/23103Exploit
cve@mitre.orghttp://www.securitytracker.com/id?1017816
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA07-163A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2154
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/33167
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html
af854a3a-2127-422b-91ae-364da2661108http://isc.sans.org/diary.html?storyid=2507
af854a3a-2127-422b-91ae-364da2661108http://news.com.com/2100-1002_3-6170133.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25639
af854a3a-2127-422b-91ae-364da2661108http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9014194
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23103Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017816
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA07-163A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2154
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/33167
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861
Impacted products
Vendor Product Version
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*",
              "matchCriteriaId": "CC3161FD-F631-405A-BE3A-0B78D5DCD7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:business:*:*:*:*:*",
              "matchCriteriaId": "BDDE7F1B-768A-4A53-8765-E48DEB0EF3D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "8FF0D88B-821D-4E45-A2EC-5279B9190356",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:home_basic:*:*:*:*:*",
              "matchCriteriaId": "1A9CAA2B-947F-47E8-A032-DFA2D1F05B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:home_premium:*:*:*:*:*",
              "matchCriteriaId": "4C17A747-EF5C-4852-89F7-DE45DDD6EB60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)."
    },
    {
      "lang": "es",
      "value": "Windows Mail en Microsoft Windows Vista podr\u00eda permitir a atacantes con la intervenci\u00f3n del usuario ejecutar ciertos programas a trav\u00e9s de un enlace a (1) un fichero local o (2) un nombre de ruta UNC compartido en el cual hay un directorio con el mismo nombre de base con un programa un programa ejecutable en el mismo nivel, como se demostr\u00f3 utilizando  C:/windows/system32/winrm (winrm.cmd) y migwiz (migwiz.exe).\r\n"
    }
  ],
  "id": "CVE-2007-1658",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-24T19:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://isc.sans.org/diary.html?storyid=2507"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://news.com.com/2100-1002_3-6170133.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017816"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0344.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0345.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0346.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.html?storyid=2507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://news.com.com/2100-1002_3-6170133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.computerworld.com/action/article.do?command=viewArticleBasic\u0026articleId=9014194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/23103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1861"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.