CVE

Id
27397  
CVE No.
CVE-2007-4040  
Status
Candidate  
Description
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.  
Phase
Assigned (20070727)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
281812 27397 CVE-2007-4040 FULLDISC:20070725 Mozilla protocol abuse  View
281813 27397 CVE-2007-4040 URL:http://seclists.org/fulldisclosure/2007/Jul/0557.html  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55499 JVNDB-2007-004191 Netscape Navigator 9 における任意のコマンドを実行される脆弱性 Netscape Navigator 9 は、引数を挿入されるため、任意のコマンドを実行される脆弱性が存在します。 CVE-2007-4042 27397 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004191.html  View