CVE-2007-4040 Information

Description

Argument injection vulnerability involving Microsoft Outlook and Outlook Express when certain URIs are registered allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI which are inserted into the command line when invoking the handling process a similar issue to CVE-2007-3670.

Reference

http://larholm.com/2007/07/25/mozilla-protocol-abuse/ http://seclists.org/fulldisclosure/2007/Jul/0557.html