HTTP: Multiple Browser URI Handlers Command Injection Vulnerabilities

This signature detects an attempt to leverage a known vulnerability in the way that some Microsoft Windows-based software handles certain malformed URLs. An attacker can use a specially crafted URL to execute arbitrary commands on the affected system. Note that only Windows XP and Windows 2003 systems with Internet Explorer 7 are affected.

Extended Description

Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers. Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers. An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer. Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access. Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.

Affected Products

Mozilla Thunderbird

Short Name
HTTP:STC:URI-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Browser CVE-2007-3896 Command Handlers Injection Multiple URI Vulnerabilities bid:25053 bid:25945
Release Date
10/11/2007
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3697
False Positive
Unknown
Vendors

Suse

Sun

Rpath

Mozilla

Turbolinux

Debian

Slackware

Ubuntu

Mandriva

Foresight_linux

Netscape

CVSS Score

9.3
