Alerts
Alerts
Zero-Day Tracker
Common Name:
Windows URI Protocol Handling
Date Disclosed:
7/25/2007
Date Patched:
11/13/2007
Vendor:
Microsoft
Application:
Windows XP
Windows 2003
*NOTE: Microsoft Internet Explorer 7 Must Be Installed
Description:
A zero-day arbitrary command execution vulnerability exists within Internet Explorer 7 allowing a remote attacker to execute arbitrary commands with parameters. This vulnerability allows for drive-by exploitation to automatically download and execute malicious binaries, thereby compromising many hosts with a simple exploit. Since the exploit is not memory-corruption-based in nature, the technical expertise required to generate a tailored exploit is minimal. Furthermore, the exploit vectors are incredibly plentiful, ranging from Microsoft Outlook, Firefox, Adobe Acrobat/Reader, Opera, Skype, mIRC, Miranda, Netscape Navigator, as well as many undisclosed/undiscovered vectors still vulnerable.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
The exploitation of this vulnerability could allow for the execution of arbitrary code under the context of the logged in user. If the logged in user is part of the Administrators group, or a local privilege escalation is coupled with this vulnerability, a full system-compromise could be accomplished by the attacker.
Mitigation:
At this moment, the best form of mitigation is to upgrade exploit vectors as they become patched. Considering the severity of this vulnerability and the lack of skill necessary to develop tailored exploits, there is a high likelihood that Microsoft will be putting out a patch November 13th, that date of the next Patch Tuesday.
Protection:
Patch:
MS07-061
Links:
Original Vulnerability Disclosure
CVE-2007-3896
CVE-2007-4041
CVE-2007-5020
Vendor Response
Status:
7/25/2007: Vulnerability / Reproduction Details Released
10/3/2007 - 10/9/2007 Other Exploit Vectors Released
10/10/2007: Microsoft KB943521 Released.
11/13/2007: Microsoft MS07-061 Released
Common Name:
Windows URI Protocol Handling
Date Disclosed:
7/25/2007
Date Patched:
11/13/2007
Vendor:
Microsoft
Application:
Windows XP
Windows 2003
*NOTE: Microsoft Internet Explorer 7 Must Be Installed
Description:
A zero-day arbitrary command execution vulnerability exists within Internet Explorer 7 allowing a remote attacker to execute arbitrary commands with parameters. This vulnerability allows for drive-by exploitation to automatically download and execute malicious binaries, thereby compromising many hosts with a simple exploit. Since the exploit is not memory-corruption-based in nature, the technical expertise required to generate a tailored exploit is minimal. Furthermore, the exploit vectors are incredibly plentiful, ranging from Microsoft Outlook, Firefox, Adobe Acrobat/Reader, Opera, Skype, mIRC, Miranda, Netscape Navigator, as well as many undisclosed/undiscovered vectors still vulnerable.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
The exploitation of this vulnerability could allow for the execution of arbitrary code under the context of the logged in user. If the logged in user is part of the Administrators group, or a local privilege escalation is coupled with this vulnerability, a full system-compromise could be accomplished by the attacker.
Mitigation:
At this moment, the best form of mitigation is to upgrade exploit vectors as they become patched. Considering the severity of this vulnerability and the lack of skill necessary to develop tailored exploits, there is a high likelihood that Microsoft will be putting out a patch November 13th, that date of the next Patch Tuesday.
Protection:
- eEye's Blink® Personal Edition protects from this vulnerability.
- eEye's Blink® Professional Edition protects from this vulnerability.
- eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Patch:
MS07-061
Links:
Original Vulnerability Disclosure
CVE-2007-3896
CVE-2007-4041
CVE-2007-5020
Vendor Response
Status:
7/25/2007: Vulnerability / Reproduction Details Released
10/3/2007 - 10/9/2007 Other Exploit Vectors Released
10/10/2007: Microsoft KB943521 Released.
11/13/2007: Microsoft MS07-061 Released
