PT-2007-5123 · Microsoft · Windows XP (+4 more affected products)

Researchers: Aviv Raff (+2)

Published: 2007-10-10 · Updated: 2021-07-23 · CVE-2007-3896

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Windows XP and Server 2003 with Internet Explorer 7 installed
Description: The Windows shell does not correctly handle URIs passed to Shell32.dll: invalid "%" sequences in a mailto: (or other) URI can cause the shell to launch an arbitrary program, so a remote attacker who gets a specially crafted URI into an application or an attachment can achieve remote code execution. The issue may be related to other URL-handler problems on Windows systems and may also involve separate defects in the applications that the handlers invoke.
Recommendations: On Windows XP and Server 2003 with Internet Explorer 7 installed, restrict the use of URI handlers to minimize the risk of exploitation until a fix is available, and avoid applications that pass untrusted input to URI handlers. As a temporary workaround, disable the handling of mailto: and other URI handlers in the Windows shell until a patch is available.

Exploit · Fix · RCE


Weakness Enumeration

Related Identifiers

CVE-2007-3896

Affected Products

Internet Explorer 7
Server 2003
Shell32.Dll
Windows
Windows Xp