Intrusion Prevention

MS.Windows.ShellExecute.URL.Parsing.Code.Execution

Description

This indicates an attack attempt against a remote code execution vulnerability in Microsoft Internet Explorer.
A vulnerability has been reported in IE that may allow an attacker to execute
arbitrary programs on a vulnerable system. This is possible because the user input filters fail to properly sanitize the URL passed to the "mailto:" protocol handler. An attacker may include shell commands by supplying an injection string through the URL.

Affected Products

Windows XP SP2 with IE7
Windows XP Pro x64 Edition with IE7
Windows XP Pro x64 Edition SP2 with IE7
Windows Server 2003 SP1 and Windows Server 2003 SP2 with IE7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2 with IE7
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems with IE7

Impact

System Compromise: Remote attackers can gain control of the vulnerable system.

Recommended Actions

Apply the patch, available at the following web site:
http://www.microsoft.com/technet/security/advisory/943521.mspx

CVE References

CVE-2007-3896