Zero-day vulnerability in Windows

OS command injection

Vulnerability details

Advisory: SB2007101002 - Remote code execution via URI handlers in Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2007-3896

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')


The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insufficient filtration of URIs in Shell32.dll when open applications via URL handlers (e.g. mailto:). A remote attacker can create a specially crafted URI, containing invalid sequence of % characters, trick the victim to click on it and execute arbitrary system commands with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.

Public Exploits: