Signature Detail

HTTP: Microsoft Windows ShellExecute and IE7 URL Handling Code Execution (.vcf)

This signature detects attempts to exploit a known vulnerability Microsoft Windows. The issue exists in the interaction between ShellExecute and IE7 URLMon component when handling malformed URLs. A successful attack allows the attacker to execute arbitrary command on the client system within the context of the logged in user. Also, the behavior of the target is entirely dependent on the intended function of the executed command. The command in such a case would execute within the security context of the logged in user.

Extended Description

Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs. Known attack vectors include following URIs in these applications: - Mozilla Firefox in versions prior to 2.0.0.6 - Skype in versions prior to 3.5.0.239 - Adobe Acrobat Reader 8.1 - Miranda 0.7 - Netscape 7.1 - mIRC. NOTE: Attackers can exploit the issue in BID 25543 (Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability) as an attack vector for this issue.

Affected Products

• Avaya Customer Interaction Express (CIE) User Interface 1.0
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Internet Explorer 7.0
• Nortel Networks Centrex IP Client Manager 2.5.0
• Nortel Networks Centrex IP Client Manager 7.0.0
• Nortel Networks Centrex IP Client Manager 8.0.0
• Nortel Networks Centrex IP Client Manager 9.0
• Nortel Networks Centrex IP Client Manager

References

• BugTraq: 25945
• CVE: CVE-2007-3896