Windows IE7 URI Handler command execution through Firefox

Added: 10/19/2007
CVE: CVE-2007-3896
BID: 25945
OSVDB: 41090


The shell32.dll library provides functions which handle interaction between Internet Explorer and the Windows shell.


The version of the shell32.dll library installed with Internet Explorer 7 does not properly validate malformed URIs containing a percent character (%). This allows command execution when a user follows a specially crafted link in other applications, such as Firefox.


Follow the recommendations in Microsoft Security Advisory 943521 and install a fix when available.



Exploit works on Microsoft Internet Explorer 7.0.5730.13 through Firefox

The SAINTexploit host must be able to bind to port 69/UDP.

Exploit requires the PERL threads module to be installed on the SAINTexploit host.


Windows XP

Back to exploit index