Content
(MS07-061) Microsoft Windows URI Handling Vulnerability (943460)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website or e-mail with malicious content
- Rating
- High
- CVE reference
- CVE-2007-3896,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Internet Explorer 7,
- Windows XP SP2,
- Windows 2003 SP1 - SP2,
- Summary
- A vulnerability in Microsoft Windows may allow for remote code-execution attacks.
Tab Navigation
Description
Windows is an industry-standard operating system developed by Microsoft. A vulnerability in Microsoft Windows may allow for remote code execution. Successful exploitation would involve the use of certain protocol handlers in combination with certain characters in the URI, when using Internet Explorer. A documented example is the "mailto:" protocol handler when used with the "%" character in the URI. A user would need to be tricked into following a malicious URI or opening a maliciously crafted document.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (943460): http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-061) Microsoft Windows URI Handling Vulnerability (943460)
- Signature identifier:
- 5531
- Release date:
- 10/16/2007
McAfee Intrushield
This signature provides partial coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- HTTP: Microsoft Windows ShellExecute and IE7 URL Handling Code Execution
- Signature identifier:
- 0x4023EB00
- Release date:
- 10/26/2007
- First released in:
- Sigset(s) 3.1.50.6, 4.1.13.4
Additional Resources
Firefox File Handling Woes
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/
Microsoft Security Advisory (943521) URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/943521.mspx
MSRC Blog: October 25th Update To Security Advisory 943521
Microsoft Security Bulletin: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx
All Information
Timeline -
11/13/2007
Vendor has provided a patch.
10/25/2007
Exploitation in-the-wild has been observed
10/10/2007
Vendor has provided information on the vulnerability.
9/1/2007
Vulnerability information has been publicly disclosed.
Description -
Windows is an industry-standard operating system developed by Microsoft. A vulnerability in Microsoft Windows may allow for remote code execution. Successful exploitation would involve the use of certain protocol handlers in combination with certain characters in the URI, when using Internet Explorer. A documented example is the "mailto:" protocol handler when used with the "%" character in the URI. A user would need to be tricked into following a malicious URI or opening a maliciously crafted document.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (943460): http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-061) Microsoft Windows URI Handling Vulnerability (943460)
- Signature identifier:
- 5531
- Release date:
- 10/16/2007
McAfee Intrushield
This signature provides partial coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- HTTP: Microsoft Windows ShellExecute and IE7 URL Handling Code Execution
- Signature identifier:
- 0x4023EB00
- Release date:
- 10/26/2007
- First released in:
- Sigset(s) 3.1.50.6, 4.1.13.4
Additional Resources
Additional Resources -
Firefox File Handling Woes
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/
Microsoft Security Advisory (943521) URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/943521.mspx
MSRC Blog: October 25th Update To Security Advisory 943521
Microsoft Security Bulletin: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx
