CVE-2007-4042

2007-07-2722:30:00

mitre

web.nvd.nist.gov

netscape navigator 9

cve-2007-4042

argument injection

remote attackers

arbitrary commands

null byte

shell metacharacters

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

High

EPSS

0.572

Percentile

97.7%

JSON

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

Affected configurations

Nvd

Node

microsoftwindows_2003_serversp2datacenter_edition

microsoftwindows_2003_serversp2enterprise_edition

microsoftwindows_2003_serversp2standard_edition

microsoftwindows_2003_serversp2web_edition

microsoftwindows_xpsp2home_edition

microsoftwindows_xpsp2professional_edition

AND

microsoftinternet_explorerMatch7

netscapenavigatorMatch9.0

VendorProductVersionCPE
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:datacenter_edition:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:enterprise_edition:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:standard_edition:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:web_edition:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:home_edition:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_edition:*:*:*:*:*
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
netscapenavigator9.0cpe:2.3:a:netscape:navigator:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:datacenter_edition:::::
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:enterprise_edition:::::
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:standard_edition:::::
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:web_edition:::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2:home_edition:::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2:professional_edition:::::
microsoft	internet_explorer	7	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
netscape	navigator	9.0	cpe:2.3:a:netscape:navigator:9.0:::::::*