CVE-2007-4042 — Argument Injection in Navigator

3 documents3 sources

Severity

7.5HIGHNVD

CNA4.3

EPSS

4.4%

top 10.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer Netscape Navigator

Timeline

PublishedJul 27

Latest updateMay 1

Description

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDnetscape/navigator9.0

▶NVDmicrosoft/internet_explorer7

🔴Vulnerability Details

GHSA

GHSA-5457-v8jm-4679: Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and she↗2022-05-01

▶

CVEList

CVE-2007-4042: Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and she↗2007-07-27

▶