Vulnerability Name:

CVE-2007-3924 (CCN-36003)

Assigned:2007-07-13
Published:2007-07-13
Updated:2021-07-23
Summary:Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.
Note: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.5 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Netscape Web page
Download Netscape Navigator :: Netscape Navigator Web Browser

Source: MITRE
Type: CNA
CVE-2007-3924

Source: CCN
Type: SA26082
Netscape "navigatorurl" URI Handler Registration Vulnerability

Source: SECUNIA
Type: Vendor Advisory
26082

Source: CCN
Type: sla.ckers.org web application security forum, July 13, 2007 10:26PM
Cross Browser Scripting 2 (IE pwns Netscape Navigator 9)

Source: MISC
Type: UNKNOWN
http://sla.ckers.org/forum/read.php?3,13732,13739

Source: XF
Type: UNKNOWN
ie-netscape-command-execution(36003)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:9.0:beta2:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft internet explorer *
    netscape navigator 9.0 beta2
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    microsoft ie 7.0 beta2
    microsoft ie 7.0
    microsoft ie 7.0 beta1
    microsoft ie 7.0 beta3