| Vulnerability Name: | CVE-2007-4042 (CCN-38322) | ||||||||
| Assigned: | 2007-07-24 | ||||||||
| Published: | 2007-07-24 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Netscape Web site Download Netscape Navigator Source: MITRE Type: CNA CVE-2007-4042 Source: OSVDB Type: UNKNOWN 46832 Source: CCN Type: OSVDB ID: 46832 Netscape Navigator Multiple URI Handlers NULL Byte Argument Injection Source: CCN Type: Billy (BK) Rios Blog, Tuesday, July 24th, 2007 Remote Command Exec (FireFox 2.0.0.5 et al) Source: MISC Type: UNKNOWN http://xs-sniper.com/blog/remote-command-exec-firefox-2005/ Source: XF Type: UNKNOWN netscape-uri-null-command-execution(38322) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||