(MS07-061) Microsoft Windows URI Handling Vulnerability (943460)

Type: Logic error
Impact of exploitation: Remote Code Execution
User Interaction: User interaction is needed
Attack Vector: Website or e-mail with malicious content
Rating: High
CVE reference: CVE-2007-3896
Vendor Status: Responded and patched
Vulnerable systems: Internet Explorer 7, Windows XP SP2, Windows 2003 SP1 - SP2
Summary: A vulnerability in Microsoft Windows may allow for remote code-execution attacks.

Description

Windows is an industry-standard operating system developed by Microsoft. A vulnerability in Microsoft Windows may allow for remote code execution. Successful exploitation would involve the use of certain protocol handlers in combination with certain characters in the URI, when using Internet Explorer. A documented example is the "mailto:" protocol handler when used with the "%" character in the URI. A user would need to be tricked into following a malicious URI or opening a maliciously crafted document.
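
A triage check for the pattern described above, as an added example that is not from McAfee or Microsoft: it pulls href values out of HTML (a mail body or a page) and flags links that use a watched protocol handler together with a "%" character. The scheme watch list, the sample HTML, and the choice to rank a "%" that is not a valid RFC 3986 percent-escape above a well-formed one are assumptions of this example.

```python
import re

# Schemes to watch. "mailto" is the documented example on this page; extending
# the set to other external protocol handlers is a local decision (assumption).
WATCHED_SCHEMES = {"mailto"}

# Constructed sample HTML for the demonstration (not taken from a real message).
SAMPLE_HTML = '''
<a href="mailto:alice@example.com">plain</a>
<a href="mailto:bob@example.com?subject=Q3%20report">encoded space</a>
<a href="MAILTO:carol%example.com">stray percent</a>
<a href='mailto:dave@example.com?body=100%'>trailing percent</a>
<a href="https://example.com/a%zz">not a watched scheme</a>
'''

HREF_RE = re.compile(r"""href\s*=\s*(?:"([^"]*)"|'([^']*)')""", re.IGNORECASE)
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")
# RFC 3986 pct-encoded = "%" HEXDIG HEXDIG; any other use of "%" is malformed.
BAD_PCT_RE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def classify_uri(uri):
    """Return 'ignore', 'clean', 'percent' or 'malformed-percent' for one URI."""
    uri = uri.strip()
    m = SCHEME_RE.match(uri)
    if not m or m.group(1).lower() not in WATCHED_SCHEMES:
        return "ignore"          # no scheme, or a scheme we are not watching
    rest = uri[m.end():]
    if "%" not in rest:
        return "clean"
    # Assumption: a "%" that is not a valid escape deserves review first.
    return "malformed-percent" if BAD_PCT_RE.search(rest) else "percent"


def scan_html(html):
    """Return [(uri, verdict)] for every watched-scheme link that carries a '%'."""
    findings = []
    for dq, sq in HREF_RE.findall(html):
        uri = dq or sq
        verdict = classify_uri(uri)
        if verdict in ("percent", "malformed-percent"):
            findings.append((uri, verdict))
    return findings


if __name__ == "__main__":
    for uri, verdict in scan_html(SAMPLE_HTML):
        print(f"{verdict:18} {uri}")
```

Well-formed escapes such as `%20` are common in legitimate mailto links, so the "percent" verdict is informational; "malformed-percent" is the one to queue for review on unpatched hosts.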

McAfee Product Mitigation & Recommendations

Recommendations

Download and install the patch available from Microsoft (943460): http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature: (MS07-061) Microsoft Windows URI Handling Vulnerability (943460)
Signature identifier: 5531
Release date: 10/16/2007

McAfee Intrushield

This signature provides partial coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature: HTTP: Microsoft Windows ShellExecute and IE7 URL Handling Code Execution
Signature identifier: 0x4023EB00
Release date: 10/26/2007
First released in: Sigset(s) 3.1.50.6, 4.1.13.4

Additional Resources

Firefox File Handling Woes

http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/

Microsoft Security Advisory (943521) URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/943521.mspx

MSRC Blog: October 25th Update To Security Advisory 943521

http://blogs.technet.com/msrc/archive/2007/10/25/msrc-blog-october-25th-update-to-security-advisory-943521.aspx

Microsoft Security Bulletin: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

Timeline

11/13/2007: Vendor has provided a patch.
10/25/2007: Exploitation in-the-wild has been observed.
10/10/2007: Vendor has provided information on the vulnerability.
9/1/2007: Vulnerability information has been publicly disclosed.
