Vulnerabilities > CVE-2007-4042

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

microsoft

netscape

NVD

Published: 2007-07-27

Updated: 2021-07-23

Summary

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2003 Server * Microsoft Windows XP *	6
Application	Microsoft Microsoft Internet Explorer 7	1
Application	Netscape Netscape Navigator 9.0	1

References

http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
http://osvdb.org/46832

Vulnerabilities > CVE-2007-4042 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2007-4042"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2007-4042