CVE-2007-3896
EXPLOITEDInternet Explorer - Remote Code Execution via Invalid URI Handler Sequences
Title source: llmExploitation Summary
CVE-2007-3896 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Billy Rios.
AI-analyzed exploit summary This exploit demonstrates a command execution vulnerability in Microsoft Windows XP and Server 2003 with Internet Explorer 7 due to improper input sanitization. The PoC URI can trigger arbitrary command execution when followed in vulnerable applications.
Description
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Billy Rios · textremotewindows
https://www.exploit-db.com/exploits/30645
This exploit demonstrates a command execution vulnerability in Microsoft Windows XP and Server 2003 with Internet Explorer 7 due to improper input sanitization. The PoC URI can trigger arbitrary command execution when followed in vulnerable applications.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
Microsoft Windows XP/Server 2003 with Internet Explorer 7
No auth needed
Prerequisites:
Vulnerable version of Windows and Internet Explorer 7 · User interaction to follow malicious URI
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (40)
Core 40
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482437/100/0/threaded
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119159477404263&w=2
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481871/100/0/threaded
Various Sources x_refsource_misc
http://www.heise-security.co.uk/news/96982
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481680/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481664/100/0/threaded
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119159924712561&w=2
Various Sources x_refsource_misc
http://blogs.zdnet.com/security/?p=577
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481867/100/0/threaded
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/484186/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26201
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119168062128026&w=2
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119171444628628&w=2
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581
Various Sources x_refsource_misc
http://xs-sniper.com/blog/remote-command-exec-firefox-2005/
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119175323322021&w=2
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481846/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018831
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119194714125580&w=2
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119168727402084&w=2
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481881/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481671/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481839/100/0/threaded
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-317A.html
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119180333805950&w=2
Vendor Advisory vendor-advisory
x_refsource_mskb
http://www.microsoft.com/technet/security/advisory/943521.mspx
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481493/100/100/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481624/100/0/threaded
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25945
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481887/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482292/100/0/threaded
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/403150
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482090/100/0/threaded
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119143780202107&w=2
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/481505/100/0/threaded
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119195904813505&w=2
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=119170531020020&w=2
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=119144449915918&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018822
Scores
EPSS
0.8362
EPSS Percentile
99.3%
Details
VulnCheck KEV
2007-11-13
CWE
CWE-20
Status
published
Products (1)
microsoft/internet_explorer
7.0
Published
Oct 11, 2007
Tracked Since
Feb 18, 2026