PT-2007-5144 · Microsoft+1 · Internet Explorer+1

Published: 2007-07-21 · Updated: 2021-07-23 · CVE-2007-3924

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer (affected versions not specified)
Description: The issue allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI. This occurs when Microsoft Internet Explorer is running on systems with Netscape installed and certain URIs registered. The problem arises because Internet Explorer does not properly delimit the URL argument when invoking netscape.exe, which could also affect other protocol handlers in Internet Explorer.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-3924

Affected Products

Internet Explorer
Netscape