cvelistv5 - cve-2007-3670

CVE-2007-3670 (GCVE-0-2007-3670)

Vulnerability from cvelistv5

Published

2007-07-10 19:00

Modified

2024-08-07 14:28

Severity ?

CWE

Summary

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2473	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/usn-503-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id?1018360	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id?1018351	vdb-entry, x_refsource_SECTRACK
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579	vendor-advisory, x_refsource_HP
	http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/	x_refsource_MISC
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	vendor-advisory, x_refsource_HP
	http://www.mandriva.com/security/advisories?name=MDKSA-2007:152	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/25984	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35346	vdb-entry, x_refsource_XF
	http://www.us-cert.gov/cas/techalerts/TA07-199A.html	third-party-advisory, x_refsource_CERT
	http://secunia.com/advisories/28179	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/24837	vdb-entry, x_refsource_BID
	http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx	x_refsource_MISC
	http://secunia.com/advisories/26216	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579	vendor-advisory, x_refsource_HP
	http://www.virusbtn.com/news/virus_news/2007/07_11.xml	x_refsource_MISC
	http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/	x_refsource_MISC
	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565	third-party-advisory, x_refsource_IDEFENSE
	http://www.vupen.com/english/advisories/2007/2565	vdb-entry, x_refsource_VUPEN
	http://www.mozilla.org/security/announce/2007/mfsa2007-40.html	x_refsource_CONFIRM
	http://secunia.com/advisories/26149	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0082	vdb-entry, x_refsource_VUPEN
	http://osvdb.org/38017	vdb-entry, x_refsource_OSVDB
	http://www.mozilla.org/security/announce/2007/mfsa2007-23.html	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/358017	third-party-advisory, x_refsource_CERT-VN
	http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/4272	vdb-entry, x_refsource_VUPEN
	http://larholm.com/2007/07/10/internet-explorer-0day-exploit/	x_refsource_MISC
	http://www.novell.com/linux/security/advisories/2007_49_mozilla.html	vendor-advisory, x_refsource_SUSE
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	vendor-advisory, x_refsource_HP
	ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt	x_refsource_CONFIRM
	http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html	mailing-list, x_refsource_FULLDISC
	http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html	x_refsource_CONFIRM
	http://secunia.com/advisories/26258	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28363	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/473276/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/26271	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26204	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26572	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/26096	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:51.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2473",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2473"
          },
          {
            "name": "USN-503-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-503-1"
          },
          {
            "name": "1018360",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018360"
          },
          {
            "name": "1018351",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018351"
          },
          {
            "name": "HPSBUX02156",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "MDKSA-2007:152",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
          },
          {
            "name": "25984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25984"
          },
          {
            "name": "ie-firefoxurl-command-execution(35346)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
          },
          {
            "name": "TA07-199A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
          },
          {
            "name": "28179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28179"
          },
          {
            "name": "24837",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24837"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
          },
          {
            "name": "26216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26216"
          },
          {
            "name": "SSRT061236",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
          },
          {
            "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
          },
          {
            "name": "ADV-2007-2565",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2565"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
          },
          {
            "name": "26149",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26149"
          },
          {
            "name": "ADV-2008-0082",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0082"
          },
          {
            "name": "38017",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38017"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
          },
          {
            "name": "VU#358017",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/358017"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
          },
          {
            "name": "ADV-2007-4272",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4272"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
          },
          {
            "name": "SUSE-SA:2007:049",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
          },
          {
            "name": "20070710 Internet Explorer 0day exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
          },
          {
            "name": "26258",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26258"
          },
          {
            "name": "28363",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28363"
          },
          {
            "name": "20070710 Internet Explorer 0day exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
          },
          {
            "name": "26271",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26271"
          },
          {
            "name": "26204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26204"
          },
          {
            "name": "26572",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26572"
          },
          {
            "name": "26096",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26096"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2473",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2473"
        },
        {
          "name": "USN-503-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-503-1"
        },
        {
          "name": "1018360",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018360"
        },
        {
          "name": "1018351",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018351"
        },
        {
          "name": "HPSBUX02156",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "MDKSA-2007:152",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
        },
        {
          "name": "25984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25984"
        },
        {
          "name": "ie-firefoxurl-command-execution(35346)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
        },
        {
          "name": "TA07-199A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
        },
        {
          "name": "28179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28179"
        },
        {
          "name": "24837",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24837"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
        },
        {
          "name": "26216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26216"
        },
        {
          "name": "SSRT061236",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
        },
        {
          "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
        },
        {
          "name": "ADV-2007-2565",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2565"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
        },
        {
          "name": "26149",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26149"
        },
        {
          "name": "ADV-2008-0082",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0082"
        },
        {
          "name": "38017",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38017"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
        },
        {
          "name": "VU#358017",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/358017"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
        },
        {
          "name": "ADV-2007-4272",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4272"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
        },
        {
          "name": "SUSE-SA:2007:049",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
        },
        {
          "name": "20070710 Internet Explorer 0day exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
        },
        {
          "name": "26258",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26258"
        },
        {
          "name": "28363",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28363"
        },
        {
          "name": "20070710 Internet Explorer 0day exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
        },
        {
          "name": "26271",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26271"
        },
        {
          "name": "26204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26204"
        },
        {
          "name": "26572",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26572"
        },
        {
          "name": "26096",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26096"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3670",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE\u0027s opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2473",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2473"
            },
            {
              "name": "USN-503-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-503-1"
            },
            {
              "name": "1018360",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018360"
            },
            {
              "name": "1018351",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018351"
            },
            {
              "name": "HPSBUX02156",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
            },
            {
              "name": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/",
              "refsource": "MISC",
              "url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "MDKSA-2007:152",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
            },
            {
              "name": "25984",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25984"
            },
            {
              "name": "ie-firefoxurl-command-execution(35346)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
            },
            {
              "name": "TA07-199A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
            },
            {
              "name": "28179",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28179"
            },
            {
              "name": "24837",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24837"
            },
            {
              "name": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx",
              "refsource": "MISC",
              "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
            },
            {
              "name": "26216",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26216"
            },
            {
              "name": "SSRT061236",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
            },
            {
              "name": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml",
              "refsource": "MISC",
              "url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
            },
            {
              "name": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/",
              "refsource": "MISC",
              "url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
            },
            {
              "name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
            },
            {
              "name": "ADV-2007-2565",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2565"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
            },
            {
              "name": "26149",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26149"
            },
            {
              "name": "ADV-2008-0082",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0082"
            },
            {
              "name": "38017",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38017"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
            },
            {
              "name": "VU#358017",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/358017"
            },
            {
              "name": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html",
              "refsource": "MISC",
              "url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
            },
            {
              "name": "ADV-2007-4272",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4272"
            },
            {
              "name": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/",
              "refsource": "MISC",
              "url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
            },
            {
              "name": "SUSE-SA:2007:049",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
              "refsource": "CONFIRM",
              "url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
            },
            {
              "name": "20070710 Internet Explorer 0day exploit",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
            },
            {
              "name": "26258",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26258"
            },
            {
              "name": "28363",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28363"
            },
            {
              "name": "20070710 Internet Explorer 0day exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
            },
            {
              "name": "26271",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26271"
            },
            {
              "name": "26204",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26204"
            },
            {
              "name": "26572",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26572"
            },
            {
              "name": "26096",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26096"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3670",
    "datePublished": "2007-07-10T19:00:00.000Z",
    "dateReserved": "2007-07-10T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:28:51.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-318

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été identifiées dans Mozilla Firefox. Elles ont fait l'objet de l'alerte CERTA-2007-ALE-012. L'exploitation de celles-ci peuvent conduire une personne malveillante à exécuter du code arbitraire, à interrompre le service, ou à récupérer des informations confidentielles sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans Mozilla Firefox. Elles ont fait l'objet de l'alerte CERTA-2007-ALE-012. Parmi celles-ci :

le navigateur pourrait sous certaines conditions se fermer, ou dysfonctionner, suite à des corruptions de mémoire possibles ;
une situation de compétition existerait entre les deux fonctions addEventListener et setTimeout. L'exploitation de celle-ci permettrait d'injecter du code, de manière indirecte, dans le contexte d'un autre site (attaque XSS) ;
une situation de compétition permettrait de modifier le contenu des cadres about:blank de la page. L'exploitation de cette vulnérabilité modifie l'apparence d'un site, dans le cadre d'attaques par filoutage par exemple ;
il est possible d'appeler les fonctions de manipulation d'événements pour des éléments qui sont indépendants du document, ce qui laisse l'opportunité à des personnes malveillantes d'exécuter des commandes arbitraires avec les droits chrome ;
l'interprétation de certaines adresses réticulaires comprenant le caractère %00 ne serait pas cohérente avec celle effectuée par Microsoft. Cette vulnérabilité permet ainsi à une personne locale au système d'exécuter des programmes avec des privilèges plus élevés, comme ceux de l'administrateur ;
il est possible d'appeler Firefox par le biais d'Internet Explorer. Ce problème a été décrit en particulier dans le bulletin d'actualité CERTA-2007-ACT-028 ;
il est possible de contourner la politique du navigateur qui vérifie la cohérence entre les sources des éléments (Same-Origin Policy), en accédant à certaines données en cache par le biais de la commande wyciwyg://. Une personne malveillante peut ainsi avoir accès à des informations confidentielles ou corrompre les fichiers en cache ;
il serait possible, par le biais du navigateur, de modifier XPCNativeWrapper afin d'exécuter à la place un code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur Mozilla pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Les versions de Mozilla Firefox antérieures à 2.0.0.5.

References

Title

Publication Time

Tags

Bulletin de mises à jour Mozilla du 18 juillet 2007	None	vendor-advisory
Avis de sécurité Mozilla MFSA2007-22 du 17 juillet 2007 :	-	other
Bulletin de sécurité Debian DSA-1338 du 23 juillet 2007 :	-	other
Avis de sécurité Mozilla MFSA2007-19 du 17 juillet 2007 :	-	other
Avis de sécurité Mozilla MFSA2007-21 du 17 juillet 2007 :	-	other
Avis de sécurité Mozilla MFSA2007-24 du 17 juillet 2007 :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0723 du 18 juillet 2007 :	-	other
Avis de sécurité Mozilla MFSA2007-25 du 17 juillet 2007 :	-	other
Bulletin de sécurité Ubuntu USN-490-1 du 19 juillet 2007 :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0724 du 18 juillet 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:152 du 01 août 2007 :	-	other
Bulletin de sécurité Gentoo GLSA-200708-09 du 14 août 2007 :	-	other
Bulletin de sécurité Debian DSA-1337 du 22 juillet 2007 :	-	other
Bulletin de sécurité Ubuntu USN-503-1 du 24 août 2007 :	-	other
Bulletin de sécurité Debian DSA-1339 du 23 juillet 2007 :	-	other
Avis de sécurité Mozilla MFSA2007-18 du 17 juillet 2007 :	-	other
Avis de sécurité Mozilla MFSA2007-20 du 17 juillet 2007 :	-	other
Avis de sécurité Mozilla MFSA2007-23 du 17 juillet 2007 :	-	other
Bulletin de sécurité SuSE SUSE-SR:2007:049 du 02 août 2007 :	-	other
Les avis de sécurité Mozilla :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0722 du 18 juillet 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Les versions de Mozilla Firefox ant\u00e9rieures \u00e0 2.0.0.5.",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Mozilla Firefox. Elles\nont fait l\u0027objet de l\u0027alerte CERTA-2007-ALE-012. Parmi celles-ci :\n\n-   le navigateur pourrait sous certaines conditions se fermer, ou\n    dysfonctionner, suite \u00e0 des corruptions de m\u00e9moire possibles ;\n-   une situation de comp\u00e9tition existerait entre les deux fonctions\n    addEventListener et setTimeout. L\u0027exploitation de celle-ci\n    permettrait d\u0027injecter du code, de mani\u00e8re indirecte, dans le\n    contexte d\u0027un autre site (attaque XSS) ;\n-   une situation de comp\u00e9tition permettrait de modifier le contenu des\n    cadres about:blank de la page. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    modifie l\u0027apparence d\u0027un site, dans le cadre d\u0027attaques par\n    filoutage par exemple ;\n-   il est possible d\u0027appeler les fonctions de manipulation d\u0027\u00e9v\u00e9nements\n    pour des \u00e9l\u00e9ments qui sont ind\u00e9pendants du document, ce qui laisse\n    l\u0027opportunit\u00e9 \u00e0 des personnes malveillantes d\u0027ex\u00e9cuter des commandes\n    arbitraires avec les droits chrome ;\n-   l\u0027interpr\u00e9tation de certaines adresses r\u00e9ticulaires comprenant le\n    caract\u00e8re %00 ne serait pas coh\u00e9rente avec celle effectu\u00e9e par\n    Microsoft. Cette vuln\u00e9rabilit\u00e9 permet ainsi \u00e0 une personne locale au\n    syst\u00e8me d\u0027ex\u00e9cuter des programmes avec des privil\u00e8ges plus \u00e9lev\u00e9s,\n    comme ceux de l\u0027administrateur ;\n-   il est possible d\u0027appeler Firefox par le biais d\u0027Internet Explorer.\n    Ce probl\u00e8me a \u00e9t\u00e9 d\u00e9crit en particulier dans le bulletin d\u0027actualit\u00e9\n    CERTA-2007-ACT-028 ;\n-   il est possible de contourner la politique du navigateur qui v\u00e9rifie\n    la coh\u00e9rence entre les sources des \u00e9l\u00e9ments (Same-Origin Policy), en\n    acc\u00e9dant \u00e0 certaines donn\u00e9es en cache par le biais de la commande\n    wyciwyg://. Une personne malveillante peut ainsi avoir acc\u00e8s \u00e0 des\n    informations confidentielles ou corrompre les fichiers en cache ;\n-   il serait possible, par le biais du navigateur, de modifier\n    XPCNativeWrapper afin d\u0027ex\u00e9cuter \u00e0 la place un code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur Mozilla pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3734"
    },
    {
      "name": "CVE-2007-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3737"
    },
    {
      "name": "CVE-2007-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3656"
    },
    {
      "name": "CVE-2007-3089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3089"
    },
    {
      "name": "CVE-2007-3285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3285"
    },
    {
      "name": "CVE-2007-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3738"
    },
    {
      "name": "CVE-2007-3670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3670"
    },
    {
      "name": "CVE-2007-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3736"
    },
    {
      "name": "CVE-2007-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3735"
    }
  ],
  "initial_release_date": "2007-07-18T00:00:00",
  "last_revision_date": "2007-08-27T00:00:00",
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 Mozilla MFSA2007-22 du 17 juillet 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-22.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1338 du 23 juillet 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1338"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mozilla MFSA2007-19 du 17 juillet 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-19.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mozilla MFSA2007-21 du 17 juillet 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-21.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mozilla MFSA2007-24 du 17 juillet 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-24.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0723 du 18 juillet    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0723.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mozilla MFSA2007-25 du 17 juillet 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-25.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-490-1 du 19 juillet 2007 :",
      "url": "http://www.ubuntu.com/usn/usn-490-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0724 du 18 juillet    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0724.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:152 du 01 ao\u00fbt    2007 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200708-09 du 14 ao\u00fbt 2007    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1337 du 22 juillet 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1337"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-503-1 du 24 ao\u00fbt 2007 :",
      "url": "http://www.ubuntu.com/usn/usn-503-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1339 du 23 juillet 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1339"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mozilla MFSA2007-18 du 17 juillet 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-18.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mozilla MFSA2007-20 du 17 juillet 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mozilla MFSA2007-23 du 17 juillet 2007 :",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2007:049 du 02 ao\u00fbt 2007    :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00002.html"
    },
    {
      "title": "Les avis de s\u00e9curit\u00e9 Mozilla :",
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0722 du 18 juillet    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0722.html"
    }
  ],
  "reference": "CERTA-2007-AVI-318",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-07-18T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo, Debian, Mandriva, Red Hat, SuSE et Ubuntu.",
      "revision_date": "2007-08-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Mozilla Firefox. Elles\nont fait l\u0027objet de l\u0027alerte CERTA-2007-ALE-012. L\u0027exploitation de\ncelles-ci peuvent conduire une personne malveillante \u00e0 ex\u00e9cuter du code\narbitraire, \u00e0 interrompre le service, ou \u00e0 r\u00e9cup\u00e9rer des informations\nconfidentielles sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mises \u00e0 jour Mozilla du 18 juillet 2007",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-3670 (GCVE-0-2007-3670)

Vulnerability from cvelistv5

CERTA-2007-AVI-318

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature