MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

high Nessus Plugin ID 28183

Synopsis

Vulnerabilities in the Windows Shell may allow a user to elevate his privileges.

Description

The remote Windows host is running a version of the Windows Shell that contains a vulnerability in the way it handles URIs.

An attacker might use this flaw to execute arbitrary commands on the remote host using attack vectors such as IE or other tools.

Solution

Microsoft has released a set of patches for Windows XP and 2003.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-061

Plugin Details

Severity: High

ID: 28183

File Name: smb_nt_ms07-061.nasl

Version: 1.37

Type: local

Agent: windows

Published: 11/13/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/13/2007

Vulnerability Publication Date: 7/25/2007

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2007-3896

BID: 25945

CWE: 20

CERT: 403150

MSFT: MS07-061

MSKB: 943460