E07-06101
CVSS:
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive:
f
Variants:
1
Year:
2007
Description
This strike exploits a vulnerability that exists in the way Microsoft Windows ShellExecute handles malformed URIs when dealing with Internet Explorer7. If the URI handlers mailto, news, nntp, snews, telnet, and http contain a % character in the URI the code is unable to connect those handlers to any registered application in the system. In this strike importing a vcf contact file in Microsoft Outlook or Express, and clicking the Go button will execute freecell.