Signature Detail

HTTP: Microsoft Windows ShellExecute and IE7 URL Handling Code Execution (.vcf)

This signature detects attempts to exploit a known vulnerability Microsoft Windows. The issue exists in the interaction between ShellExecute and IE7 URLMon component when handling malformed URLs. A successful attack allows the attacker to execute arbitrary command on the client system within the context of the logged in user. Also, the behavior of the target is entirely dependent on the intended function of the executed command. The command in such a case would execute within the security context of the logged in user.

Extended Description

Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs. Known attack vectors include following URIs in these applications: - Mozilla Firefox in versions prior to 2.0.0.6 - Skype in versions prior to 3.5.0.239 - Adobe Acrobat Reader 8.1 - Miranda 0.7 - Netscape 7.1 - mIRC. NOTE: Attackers can exploit the issue in BID 25543 (Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability) as an attack vector for this issue.

Affected Products

• Avaya customer_interaction_express_(cie)_user_interface 1.0
• Avaya messaging_application_server MM 1.1
• Avaya messaging_application_server MM 2.0
• Avaya messaging_application_server MM 3.0
• Avaya messaging_application_server MM 3.1
• Avaya messaging_application_server
• Microsoft internet_explorer 7.0
• Nortel_networks centrex_ip_client_manager 2.5.0
• Nortel_networks centrex_ip_client_manager 7.0.0
• Nortel_networks centrex_ip_client_manager 8.0.0
• Nortel_networks centrex_ip_client_manager 9.0
• Nortel_networks centrex_ip_client_manager

References

• BugTraq: 25945
• CVE: CVE-2007-3896