CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4040

HIGH
8.8
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile11.25th
PublishedJul 27, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Outlook

All versions
πŸ“¦
Microsoft

Outlook Express

All versions

References & Advisories

πŸ”— http://larholm.com/2007/07/25/mozilla-protocol-abuse/
πŸ”— http://seclists.org/fulldisclosure/2007/Jul/0557.html
πŸ”— http://larholm.com/2007/07/25/mozilla-protocol-abuse/
πŸ”— http://seclists.org/fulldisclosure/2007/Jul/0557.html

Related Vulnerabilities

CVE-2004-038010.0

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass do...

CVE-2001-053810.0

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands...

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-2012-139110.0

Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact...