CVE-2007-3924 — Argument Injection in Navigator
3 documents3 sources
Severity
9.3CRITICALNVD
CNA4.3
EPSS
8.0%
top 7.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 21
Latest updateMay 1
Description
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Ex…
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-mx2j-qfcf-xcrp: Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows r↗2022-05-01
CVEList▶
CVE-2007-3924: Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows r↗2007-07-21