CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-4040

HIGH
8.8
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile11.25th
Published2007年7月27日
Last Modified2026年4月23日

Vulnerability Description

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.

Affected Platforms (CPE)

📦
Microsoft

Outlook

All versions
📦
Microsoft

Outlook Express

All versions

References & Advisories

🔗 http://larholm.com/2007/07/25/mozilla-protocol-abuse/
🔗 http://seclists.org/fulldisclosure/2007/Jul/0557.html
🔗 http://larholm.com/2007/07/25/mozilla-protocol-abuse/
🔗 http://seclists.org/fulldisclosure/2007/Jul/0557.html

関連する脆弱性情報

CVE-2004-038010.0

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass do...

CVE-2001-053810.0

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands...

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-2012-139110.0

Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact...