9.3
CVE-2007-4841
- EPSS 2.65%
- Veröffentlicht 12.09.2007 20:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.65% | 0.836 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.vupen.com/english/advisories/2008/0083
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/27414
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.vupen.com/english/advisories/2007/3544
http://secunia.com/advisories/27311
http://secunia.com/advisories/27315
http://secunia.com/advisories/27360
http://secunia.com/advisories/28398
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://www.vupen.com/english/advisories/2008/0082
http://secunia.com/advisories/28363
http://secunia.com/advisories/27744
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
http://www.securityfocus.com/bid/25543
http://xs-sniper.com/blog/2007/09/01/firefox-file-handling-woes/