
Attack: MS URI Handler CVE-2007-3896

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects websites that use maliciously formatted URIs in an attempt to execute remote code.

Additional Information

Microsoft Windows XP with Internet Explorer 7 is prone to a command-execution vulnerability due to a lack of proper input sanitization.

This issue occurs when applications pass URIs to the operating system to handle. URIs containing percent-encoded characters and directory traversal sequences can trigger the execution of applications.

This issue is due to a flaw in Microsoft Windows when it attempts to determine which application should be utilized when interpreting protocol-handlers such as 'mailto:', 'http:', and others.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs.

Known attack vectors include following URIs in the following applications:
- Mozilla Firefox in versions prior to 2.0.6
- Skype in versions prior to
- Adobe Acrobat Reader 8.1
- Miranda 0.7
- Netscape 7.1
- mIRC.


  • Microsoft Internet Explorer 7.0


Certain applications that can be used as exploit vectors have been updated to securely handle URIs containing '%' characters.
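
One way an application could screen a URI before passing it to the operating system, shown as an added example (it is not Symantec's signature logic or any vendor's actual fix). The function name `screen_uri`, the two rules and the sample URIs are assumptions constructed for illustration from the description above.

```python
import re
from urllib.parse import unquote

# A '%' not followed by exactly two hex digits is not valid percent-encoding.
_BAD_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")
# A '..' path segment delimited by '/' or '\' (or by the string boundaries).
_TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):(.*)$", re.S)


def screen_uri(uri, max_decode_rounds=3):
    """Return the reasons a URI should not be handed to the OS protocol handler.

    An empty list means neither rule fired (hypothetical policy, see lead-in).
    """
    match = _SCHEME.match(uri)
    if not match:
        return ["no-scheme"]
    rest = match.group(2)
    reasons = []
    if _BAD_PERCENT.search(rest):
        reasons.append("malformed-percent-escape")
    # Decode repeatedly so double-encoded sequences such as %252e are also seen.
    decoded = rest
    for _ in range(max_decode_rounds):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if _TRAVERSAL.search(decoded):
        reasons.append("directory-traversal")
    return reasons


# Constructed sample URIs (not taken from real traffic).
SAMPLES = [
    "mailto:user@example.test",
    "http://example.test/docs/a%20b.html",
    "http://example.test/a%zz",
    "mailto:alice%2e%2e/%2e%2e/dir",
    "http://example.test/%252e%252e/x",
    "mailto:alice%../../dir",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", screen_uri(sample) or "ok")
```
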